A New Path to Cyber Conflict with Russia

Fine Print

Pulitzer Prize Winning Journalist Walter Pincus is a contributing senior national security columnist for The Cipher Brief. He spent forty years at The Washington Post, writing on topics that ranged from nuclear weapons to politics.  He is the author of Blown to Hell: America's Deadly Betrayal of the Marshall Islanders.  Pincus won an Emmy in 1981 and was the recipient of the Arthur Ross Award from the American Academy for Diplomacy in 2010.

View all articles by Walter Pincus

OPINION — Last Thursday, in a little-noticed U.S. Treasury Department press release, the Biden administration accused Russia of currently implementing a 2020 information warfare plan for “destabilizing the political situation in Ukraine and laying the groundwork for creating a new, Russian-controlled government in Ukraine.”

The plan, according to the Treasury release, included “identifying and co-opting pro-Russian individuals in Ukraine and undermining prominent Ukrainians viewed as pro-Western, who would stand in the way of Russian efforts to bring Ukraine within its control.”

“Russia has directed its intelligence services to recruit current and former Ukrainian government officials to prepare to take over the government of Ukraine and to control Ukraine’s critical infrastructure with an occupying Russian force,” according to the Treasury release.

The release named two current Ukrainian Members of Parliament, Tara Kozak and Oleh Voloshyn, as being “at the heart” of the Russian effort. Both are members of Platform – For Life, the pro-Russian opposition party in Ukraine, whose leader, Victor Medvedchuk, is a close personal friend of Russian President Vladimir Putin. In fact, Putin is godfather to Medvedchuk’s daughter.

Then last Saturday, the British Foreign Office echoed the U.S. Treasury information in an unusual public statement that said, “We have information that indicates the Russian Government is looking to install a pro-Russian leader in Kyiv as it considers whether to invade and occupy Ukraine.”

The British statement went on to identify four pro-Russian Ukrainian politicians, adding that some of them “have contact with Russian intelligence officers currently involved in the planning for an attack on Ukraine.” Also named was Yevhen Murayev, a former Ukrainian Member of Parliament, whom the British described as being considered by Moscow as a leader in a future pro-Russian Ukrainian government.

Three of the four British-named Ukrainian politicians served high in the government of former president Viktor Yanukovich, who fled to Russia in 2014. The three may be either in Russia, or in the breakaway Ukraine Dombas region. Murayev, who is in Ukraine and heads a television channel, is considered pro-Russian and has spoken in favor of Moscow’s taking of Crimea. On Sunday, he told the British newspaper The Observer, “The British Foreign Office seems confused. It isn’t very logical. I’m banned from Russia. Not only that but money from my father’s firm there has been confiscated.”

The U.S. Treasury and British Foreign Office public releases of what would once have been considered highly sensitive intelligence information may illustrate that we are in a new phase of information warfare among major powers over Ukraine.

Whether exposing this type of activity will help diplomatic efforts to avoid an actual Russian military invasion of Ukraine, as the buildup of Moscow’s forces seems to forecast, remains to be seen.

The Russian foreign ministry immediately denied the British accusation saying, “The spread of disinformation by the British foreign ministry is one more piece of evidence that NATO countries, led by the Anglo Saxons, are escalating tensions around Ukraine.”

Those named in the U.S. Treasury release have long pro-Russian backgrounds.


Listen to The Cipher Brief’s Open Source Report Podcast – a weekday open source collection of the stories impacting national security with your hosts Brad Christian and Suzanne Kelly.  Subscribe wherever you listen to podcasts.


Kozak nominally controlled several media news channels in Ukraine which the Treasury release said supported Russia’s plan “to denigrate senior members of Ukrainian President Volodymyr Zelensky’s inner circle, [and] falsely accusing them of mismanagement of the COVID-19 pandemic.” Although Kozak supposedly purchased the channels, it was thought that the funds came from Medvedchuk or even Russia’s Federal Security Service, the FSB.

Medvedchuk is currently under house arrest, accused of treason last May, based on evidence alleging he was involved in illegal coal shipments to Russia from the uncontrolled territories in eastern Ukraine, which the current Ukraine government considers as financing terrorist activity.

Last year, the Ukrainian government closed down Kozak’s television channels based on their carrying on a pro-Russian information policy, but he still operates internet news sites. In May, Kozak was also accused of treason along with Medvedchuk.

The Treasury release also said, “Throughout 2020, Kozak worked alongside FSB intelligence agents. “Back in 2020, Kozak was accused of using his news services to legitimize false claims about Candidate Joe Biden and his son, Hunter, that Ukrainian Andrii Derkach had passed on to Trump attorney Rudy Guiliani.

Voloshyn was a former a presidential attaché in the Ukraine Embassy in Moscow, then from 2010-to-2013 spokesman for Ukraine’s Foreign Ministry. In 2019, he was elected as a member of Parliament on the pro-Russian Platform-For Life party list. As with Kozak, Voloshyn was also involved in 2016 with the U.S. presidential election where he was associated with both Trump campaign aide Paul Manafort and Konstantin Kilimnik, a Russian national who was indicted for obstruction of justice as part of the Mueller investigation.

In 2021, the analysis of the U.S. Intelligence Community named Kilimnik as one of the proxies who promoted misleading information about Candidate Biden “to US media organizations, US officials, and prominent U.S. individuals, including some close to former President Trump and his administration.”

Under last Friday’s sanctions, all property and financial interests of Kozak and Voloshyn in the United States were blocked. In addition, U.S. persons were thereafter prohibited from having transactions with them including providing to or receiving from them funds, goods or services.

Kozak and Voloshyn were sanctioned under an April 15, 2021, Biden administration Executive Order (E.O.) which specifically was aimed at new and novel threats emerging from harmful activities of the Putin government.

Included as sanctionable acts, were “efforts to undermine the conduct of free and fair democratic elections and democratic institutions in the United States and its allies and partners…malicious cyber-enabled activities against the United States and its allies and partners; to foster and use transnational corruption to influence foreign governments; to pursue extraterritorial activities targeting dissidents or journalists; to undermine security in countries and regions important to United States national security; and to violate well-established principles of international law, including respect for the territorial integrity of states.”

The Miller & Chevalier law firm analysis of the Biden E.O.  described it as “a sweeping new sanctions tool aimed at countering a wide range of Russian government-backed malign activities, including interference in the 2020 U.S. presidential election, the SolarWinds cyberattack, and Russia’s ongoing occupation of the Crimea region of Ukraine, among others. “

When the E.O. was first announced back in April 2021, the Treasury Department applied sanctions to six Russian technology companies claiming they were supporting activities of the GRU [Russia’s military intelligence]. The SVR [Russia’s foreign intelligence service] and the FSB.

The two other Ukrainian officials sanctioned last week by the U.S., Volodymyr Oliynyk and Vladimir Sivkovich, were involved in Russia’s earlier hybrid tactics that resulted in Moscow gaining control of Crimea and areas of the Donbas region of Ukraine.

Oliynyk, a former Ukrainian official who fled Ukraine and currently lives in Russia, has “worked at the direction of the FSB to gather information about Ukrainian critical infrastructure,” according to the Treasury release. 

Russia, in previous incursions into Ukraine, “pursued broad cyber operations against critical infrastructure,” Treasury said, adding that Moscow’s operatives, “focused on disrupting one critical infrastructure sector in particular: Ukraine’s energy sector. Russia has also degraded Ukraine’s access to energy products in the middle of winter.”

Sivkovich, the former Deputy Secretary of the Ukrainian National Security and Defense Council, worked last year, “with a network of Russian intelligence actors to carry out influence operations that attempted to build support for Ukraine to officially cede Crimea to Russia in exchange for a drawdown of Russian-backed forces in the Donbas, where separatists continue to receive support from Russia,” according to the Treasury release.

Sivkovich, according to Treasury, has ties to the FSB and, “also supported an influence operation targeting the United States from 2019 to 2020.”

On January 15, Microsoft announced its investigators had discovered destructive malware on dozens of Ukraine government, non-profit and information technology organizations in that country. Oddly, the malware shows a ransom demand, but that appears to be a ruse since there was no way shown to decrypt the information if the ransom is paid.

Last Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed press reports that “public and private entities in Ukraine have suffered a series of malicious cyber incidents, including web defacement and private sector reports of potentially destructive malware on their systems.”

Apparently referring to the Microsoft disclosure, CISA said one malware system was similar to NotPetya. CISA described that finding as “particularly alarming” because NotPetya was found by CIA to be a Russian GRU creation after it was used in 2017 against Ukraine where it caused widespread damage to critical infrastructure. It, too, behaved more like destructive malware rather than ransomware.

President Biden, in his two-hour press conference last Wednesday, specifically mentioned Russia’s cyber activity in Ukraine saying, “They have FSB people in Ukraine now trying to undermine the solidarity within Ukraine about Russia and to try to promote Russian interests.”

“If they continue to use cyber efforts,” Biden said, “well, we can respond the same way, with cyber.” 

Read more expert-driven national security insight, perspective and analysis in The Cipher Brief

Fine Print

Pulitzer Prize Winning Journalist Walter Pincus is a contributing senior national security columnist for The Cipher Brief. He spent forty years at The Washington Post, writing on topics that ranged from nuclear weapons to politics.  He is the author of Blown to Hell: America's Deadly Betrayal of the Marshall Islanders.  Pincus won an Emmy in 1981 and was the recipient of the Arthur Ross Award from the American Academy for Diplomacy in 2010.

View all articles by Walter Pincus

Comments are closed.

Related Articles

Search

Close