Russia’s campaign to justify an increasingly likely invasion of Ukraine became more blatant over the past few weeks. Moscow has used diplomacy, disinformation, and cyber operations to set the stage for a Kremlin-directed provocation that could be denied or framed as legitimate.
With more than 100,000 troops near Ukraine’s border, Russia is trying to create a crisis that would make a military offensive look like defense. Is Russia succeeding?
Russian diplomats this month have sat down with multiple US delegations, NATO officials, and representatives of the Organization for Security and Cooperation in Europe (OSCE). All of the discussions centered on Moscow’s demands, and all of them failed to de-escalate tension.
Russia’s recent hacks are part of a broader set of plausibly deniable and short-of-war offensives meant to aggravate the conflict.
With a potential war in Ukraine as leverage, the Kremlin has insisted that NATO reverse much of its post-Cold War development and restore Moscow’s sphere of influence. Russia’s proposed agreement would give it a veto over NATO expansion, roll back the alliance’s military infrastructure to its 1997 boundaries, and prohibit NATO from positioning offensive strike weapons near Russia. NATO unsurprisingly rejected these demands, and Russia’s talks with the United States and the OSCE resulted in “a dead end,” according to one of Moscow’s lead negotiators.
Russia tailored its proposals to be non-starters, entering discussions that were predetermined to fail in order to claim it had tried diplomacy and to paint the West as “arrogant, unyielding, and uncompromising.” These diplomatic exercises were used to discredit de-escalatory options and legitimize the use of force as a potential means to resolve the conflict.
THE DISINFORMATION CAMPAIGN
On Jan. 14, 2022, US officials warned that Russia was “laying the groundwork” to create “a pretext” to intensify the conflict in Ukraine. Moscow is spreading disinformation about an imminent Ukrainian attack on Russian forces, and the Kremlin has even sent operatives to attack its own proxy groups in Ukraine, the White House said.
Russian officials have been setting expectations for a false flag operation for over a month. On Dec. 2, 2021, Russia’s Federal Security Service (FSB) claimed to have stopped three Ukrainian agents in Russia who were planning a terrorist attack. In late Dec. 2021, Defense Minister Sergei Shoigu said that US mercenaries are preparing a chemical weapon attack in eastern Ukraine. And last week, Foreign Ministry spokeswoman Maria Zakharova said that the United States and Ukraine could stage a provocation ahead of the Winter Olympics in China. These narratives, which disinformation sites linked to Russian intelligence have amplified, are meant to lend the Kremlin a degree of deniability if it decides to fire the first shots of a renewed war.
Alongside those baseless warnings, Russian officials have characterized Ukrainian President Volodymyr Zelensky as an extremist, who is sympathetic to Neo-Nazis. Russian President Vladimir Putin also falsely claimed the conflict in eastern Ukraine “looks like a genocide.” Russian diplomats followed suit by arguing that Ukraine regularly violates human rights. The Kremlin is betting these accusations will make its military buildup look like a humanitarian mission.
On the cyber front, Kyiv has blamed Moscow for a hack that earlier this month turned dozens of Ukrainian government websites into a message warning, “Be afraid and expect the worst.” The threat was written in Ukrainian, Polish, and Russian. It also referenced a point of tension between Poland and Ukraine, apparently to frame Polish nationalists.
The defacements were unsophisticated, but they were also ominous and effective. Georgian government websites were vandalized ahead of Russia’s invasion in 2008. And while last week’s manipulation of Ukrainian websites wasn’t complex, it advanced Russia’s broader disinformation campaign and distracted from more damaging cyber operations.
On Jan. 13, 2022, Microsoft detected destructive malware targeting the Ukrainian government, non-profit, and information technology organizations. The malware, known as WhisperGate, disguises itself as ransomware but, when activated, it leaves computers without data or the ability to operate. Microsoft didn’t attribute the activity to Russia, but its discovery coincided with the Kremlin-linked defacements. The malware and the fake ransom demand are reminiscent of past Russian data-wiping hacks that have disrupted Ukrainian electric utilities, railway systems, and government agencies. It’s also similar to the NotPetya malware, which Russia used to target Ukraine in 2017 and became history’s costliest cyberattack.
While Russia’s recent hacks undermine confidence in Ukraine’s cybersecurity and could presage future attacks, they are also part of a broader set of plausibly deniable and short-of-war offensives meant to aggravate the conflict. A proportionate Western response could give Moscow a shot at playing the victim and a reason to escalate. Russia’s demands have left little room to use a cyber offensive to save face. Moscow’s ambition to change Ukraine’s political orientation will require more than cyber weaponry. Recent hacks are likely steps toward a shooting war.
BUILDING THE CASE
Russian diplomats, propagandists, and intelligence operatives are building a case for more violence in Ukraine. They are making unrealistic demands, pushing disinformation about a false flag operation, and using cyberattacks that could instigate a broader conflict.
The Kremlin’s pursuit of a pretext is meant to frame a possible Russian offensive as defense. Western efforts to expose Moscow’s planned escalations have limited the Kremlin’s ability to deny a provocation or frame it as legitimate. It’s important to continue shinning lights on Russian efforts to incite war and to assign blame where it’s due.
Joseph Bodnar is a research assistant with the Alliance for Securing Democracy at the German Marshall Fund. His research focuses on Russian efforts to interfere in democracies.