ArchiveOODA OriginalSecurity and Resiliency

Will Russia Turn to Cybercrime to Offset Stringent Economic Sanctions?

Since the start of Russia’s invasion of Ukraine, the conflict has spilled into cyberspace with state and non-state actors taking sides and conducting a variety of disruptive operations. Russia state actors have executed eight new types of malware attacks against Ukraine, impacting government, business, financial institutions, and energy organizations, as well as a U.S. satellite communications provider. Ukrainian supporters have equally responded in kind. Notorious hacktivist group Anonymous and Ukraine’s volunteer IT Army have retaliated against Russian government and military entities in kind.  They have doxed thousands of Russian soldiers information and even disrupted Belarusian rail lines to slow Russian troop movement.  The failure to create a cyber “shock and awe” have led many to believe that Russia might lack the capability to produce one.

While the cyber war rages on, several governments in the global community have implemented a series of severe economic sanctions against Moscow.  Currently, Russia is now the world’s most sanctioned country, well ahead of governments like North Korea and Iran, the latter of which had previously occupied the top spot.  The longer the conflict persists, the more Russia suffers economically, which is a key objective of sanctions. However, without aggressively targeting Russia’s potent oil industry, sanctions may not yield favorable results in time.  Recent evidence has shown that Russia has withstood sanctions thus far with its ruble strengthening not weakening.

While sanctions are an important tool to influence a state’s behavior, it takes time before it causes an intended affect. Therefore, it’s necessary for the global community to target Moscow where it hurts most. Russia is currently the world’s third largest producer of oil (behind the United States and Saudi Arabia), and makes approximately USD 720 million a day from its oil industry. According to the International Energy Agency, Europe receives nearly half of Russia’s crude and petroleum exports. Therefore, it’s easy to see why Europe has not gotten on board with other countries in sanctioning Russian oil.

But should Europe, as well as a few other significant oil consumers, come around, there is a real chance of hurting Russia economically. In such a case, Russia may need to implement tactics to evade them or find a course of action that at least lessens their effect.  While there are myriad options available to circumvent sanctions, Moscow may find itself in a cash-strapped position and may elect to follow in the steps of North Korea to find sanction relief. Since at least 2015, North Korea has engaged in activities typically associated with cybercriminals such as bank theft, cryptocurrency theft, ATM cash-outs, and ransomware operations. Additionally, North Korea has successfully turned to cryptocurrency mining as a legitimate way to make money and offset the crippling effects of sanctions.  North Korea made approximately USD 2 billion to fund its weapons of mass destruction program, and recently is linked to a USD 620 million theft of cryptocurrency. In addition, North Korea has pursued and increased its cryptocurrency mining efforts to further offset sanctions.

Russia has a potent cybercriminal ecosystem at its disposal that has consistently demonstrated itself to be sophisticated, enterprising, aggressive, and very capable at both creating new tools and offering services for other criminals. In 2021, global cybercrime made nearly USD  6 trillion, with more than USD 400 million coming from ransomware payment. This is significant when you consider that 74 percent of these ransomware payments went to Russian gangs. This does not even take into account other cybercrime-as-a-service offerings from which Russian cybercriminals make money.  Additionally, Russia’s cybercrime community is extremely loyal to Moscow, unofficially operating on the following code: don’t hack Russian organizations or individuals; if Russian intelligence asks for your help, give it; and be careful where you vacation. Indeed, at the onset of the Ukraine conflict, several Russian cybercriminal gangs declared their support for Moscow, conducting operations against Ukrainian targets for the purposes of causing damage and not making profit.

Russian cybercrime drives cryptocurrency money laundering activity. Individuals and groups based in Russia have a large share of “activity in several forms of cryptocurrency-based crime.” According to a company that tracks cryptocurrencies, Russia has several cryptocurrency business that have processed substantial transactions from illicit (ie, criminal or tied to criminal) addresses. Crypto-mining provides such value that the United States sanctioned Russia’s largest company and the world’s largest hosting provider for green cryptocurrency mining.  BitRiver in late April 2022, in anticipation of Moscow leveraging this avenue for sanction relief. Because of such actions, Moscow could leverage its cybercriminals to do engage in this activity on a large, global scale.

The world is already preparing for Russian cyber attacks to target countries supporting Ukraine via financial and/or military aid. On April 20, U.S. government agencies and international partners published an advisory on the Russian state-sponsored and Russian cyber criminal threat to conduct disruptive attacks against critical infrastructure. This comes on the heels of similar advisories put forth by the U.S. government in January (focusing on Russia cyber activity against critical infrastructure) and in March (focusing on Russian cyber activity against the energy sector). And while these attacks may very well happen, Russia may capitalize on these warnings by directing its more sophisticated and successful cybercriminals to conduct cybercrime that benefits Moscow.

In this capacity, in addition to disruptive attacks achieving their intent they also attract global attention, serving as a useful distraction to other criminal endeavors. What’s more, Russian cybercriminals are more apt to target large profitable organizations outside countries in the immediate region or supporting Ukraine. Countries believing themselves far removed from the conflict may be less apt to suspect they will be targeted by proxies of either side, reducing their vigilance of the Russian threat. Only Moscow can determine if it has hit that economic threshold that it needs cash to balance the financial requirements of an ongoing military effort and keeping civilian discontent at a minimum.  Moscow’s turning to its cybercrime ecosystem for help may be the best sign that Russia may be on its last legs and encourage the global community to ratchet its economic hold on Moscow to bring this conflict to a conclusion.

Related Reading:

Explore OODA Research and Analysis

Use OODA Loop to improve your decision making in any competitive endeavor. Explore OODA Loop

Decision Intelligence

The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Stratigames, Business Intelligence and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence

Disruptive/Exponential Technology

We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, Space Technology. Explore Disruptive/Exponential Tech

Security and Resiliency

Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation state conflict, non-nation state conflict, global health, international crime, supply chain and terrorism. Explore Security and Resiliency


The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member only video library. Explore The OODA Community

Emilio Iasiello

Emilio Iasiello

Emilio Iasiello has nearly 20 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.