The two-month mark of the Russia and Ukraine war has passed, with Russia almost certainly having failed to meet its initial strategic goals. While Russian commentators may try to paint the ongoing conflict in a favorable light, Russian President Putin’s ‘special military operation’ was almost certainly intended to produce a lightning offensive, enabling the Russian military to knock out Ukraine’s government and install a puppet regime within a matter of weeks. Russia clearly underestimated the capability and resolve of the Ukrainian military and population, with the ongoing war resulting in catastrophic losses for the Russian military. With the Russian military withdrawing from the wider Kyiv region and consolidating its forces for a renewed offensive in the east, we explore the big factors that have led to Russian failure and what might happen next. 

Fail to prepare, prepare to fail

Two months into the conflict and it’s hard to imagine how Russian military planners could have conducted a worse operation. The scale of current losses for Russia has been estimated by the UK’s defense secretary to be around 15,000, while the Ukrainian figures suggest as many as 21,000 may have been killed in action. Whatever the real figure, the scales of losses are truly staggering. To put into context, the Russian military lost approximately 15,000 personnel during a 10-year conflict in Afghanistan in the 1980s, and approximately 7000 during the second Chechen war. Bottom line upfront; it’s unlikely that the Russian military can carry on with the same operational tempo if these rates of attrition continue. 

Before the conflict even began, a distinct lack of clearly defined goals have led to a confused, and in many ways, handbraked invasion. Russian President Vladimir Putin’s justification for the conflict was reportedly to demilitarize and ‘denazify’ Ukraine, a claim as implausible as it is unachievable. What does a victory look like under these circumstances? Military planners need clearly defined goals and achievable ways to accomplish them. It’s likely that before the invasion began, the main effort to achieve these vague objectives would be to topple Ukraine’s President Volodymyr Zelensky’s government and install one favorable to Russia. The solitary method of achieving this goal—which appears to have been a mad dash to Kyiv—has fallen well short of the mark. Russia’s initial movements in the conflict appear to have attempted to bypass much of the worst fighting, avoid the worst of the west’s sanctions, and bring the conflict to a close as quickly as possible. Of course, this effort has completely failed, and Russia has instead fallen into exactly what they hoped to avoid, a long and bloody war of attrition. 

This appears to have been influenced by many intelligence mistakes that failed to identify the level of resistance the Russian forces would face within Ukraine, and the response of the international community. We’ve previously reported on the necessity for priority intelligence requirements (PIRs) to plan for this conflict.  It appears Russia’s military planners dramatically failed in this stage and their assessment of how the conflict would play out.

The importance of logistics

Renowned U.S. Army Gen. John Pershing once said, “Infantry win battles, logistics wins wars.” This has been identified as one of the core reasons for the Russian failure in Ukraine, with the Russian logistical supply chain being completely unprepared for a lengthy conflict. This was best demonstrated by the 40km convoy of armored vehicles stalling outside Kyiv, which made easy targets for the significant numbers of Ukrainian anti-armor weapons, in addition to the Bayraktar unmanned combat aerial vehicle (UCAV), which has been deployed to great effect during the conflict.

40Km convoy of armored vehicles outside of Kyiv in early March 2022

There are many reasons for these logistical issues. From a doctrinal perspective, the Russian military is known to use the push-based perspective towards its logistical supply chains, i.e. where forces are resupplied on a predictable basis, as determined by leadership and ahead of time. This differs from the pull-based logistics system used by most western militaries, where fighting forces are resupplied as needed and can adapt to real-time conditions. Ultimately, by assuming the war would be over in a matter of weeks, the Russian military simply cannot cope with the additional munitions needed to fight a prolonged conflict. This is where intelligence failures ultimately lead to logistical and other problems later down the line. 

Another major factor in the current logistical problems is the overreliance on rail networks for supply; which is a hangover from the Cold War era. Ukraine forces have routinely sabotaged rail tracks leading from Russia to Ukraine, forcing Russia to change from a rail to a truck-based supply chain. Again, these soft targets made easy prey for Ukrainian forces working behind an increasingly isolated supply chain. Without fuel and munitions, an army simply cannot fight. I’m sure you’ve seen several of the videos circulating online of Ukrainian farmers requisitioning abandoned Russian armored units. Many of these multi-million dollar assets are being abandoned largely because of something as simple as a lack of fuel.

One of the major advantages of NATO and many western militaries is the capability to conduct operations at any point of the globe; this has been demonstrated repeatedly in recent years, from the second Gulf war, Afghanistan, Syria, and Libya. Many of the logistical weak points of the Soviet military have been laid bare, with the Russian military seemingly unable to supply its forces mere miles from its own border.

A restrained approach to offensive cyber

Another surprising development during the conflict has been a visible absence of offensive cyber used throughout the conflict. This has caught many within our industry by surprise, with the common sentiment perhaps being that Russia would bring the full force of its offensive cyber capabilities down onto Ukraine. There has been reporting of destructive malware used within the conflict, however at a far more restrained level than expected. There are several reasons we can provide for this. 

As mentioned above, Russia attempted in the early days of the conflict to produce a quick win, with the Russian advances aimed at bypassing the majority of the hard fighting and producing a knockout blow against the Ukrainian government. By doing so, Russia could potentially have avoided a long and bloody conflict, and avoided the worst of the inevitable sanctions. This restrained approach may influenced Russia’s use of cyberattacks during the conflict. Nation-state aligned attacks against critical national infrastructure may have been seen as an unnecessarily harmful tactic in a country that they were supposedly liberating, and would inevitably have to pick up the pieces and govern; even through a puppet regime. It’s also possible that the Russian state simply has bigger issues at hand. We’ve already mentioned the intelligence and logistical problem, but problems with communications, establishing air superiority, and the impact of sanctions, are likely higher on the priority list for Russian military planners at this time.

We previously reported on the cybercriminal reaction to the Ukraine conflict. Overall, while some groups like Conti and CoomingProject have expressed their support for the Russian war effort, most groups have taken a neutral stance or otherwise decided to stay clear of aligning themselves with either side. It’s likely that these cybercriminal groups are fearful of sticking their head too far above the parapet, with the eyes of the world firmly on what’s happening on the ground in Ukraine; any cybercriminal attacks against Ukrainian organizations could be viewed under an even less favorable light given

what is happening right now. It’s also debatable whether attacking Ukrainian organizations would even result in a payment of a ransom. Why would an organization pay under such difficult circumstances, and what would the optics look like for any Ukrainian organization paying extortion groups, who are largely run by Russian cybercriminals? Ransomware groups may have determined that steering clear of the organizations involved in the conflict zone is in their best interest.

The Conti ransomware group expressed support for the Russian government, however they were an outlier in this stance

One factor that we in the security community perhaps haven’t considered, is that the use of offensive cyber warfare may in fact have a lesser role than we give credit for. During peacetime, using offensive cyber attacks allows Russia to pursue the art of brinkmanship, potentially by committing to significant cyberattacks yet stopping before they result in a physical escalation. During a conventional war, the use of such attacks are likely prioritized as a secondary effort; it’s hard to get excited about the success of a DDoS attack when troops on the ground are failing to be resupplied in a sufficient manner and suffering heavy losses. The war between Russia and Ukraine represents the first armed conflict between two developed nations in many years. Exactly how this has played out has taken many by surprise, including those in the security community. It’s possible that analysts may simply have overestimated the value of cyberattacks during a ground war.

What happens next?

With the Russian main effort toward Kyiv abandoned, a dramatic pivot in objectives for the Russian military is likely. Social and economic pressure on Russia continues to build with every day that the war continues, and there needs to be a realistic ‘win’ that President Putin can present as a justification to end the conflict. This is likely to come in the form of a recalculation of Russia’s initial objectives, in focussing on the Donbas region, home to the separatist regions of Luhansk and Donetsk. This may also include further incursions to control the south of Ukraine, permitting a land border with Crimea and potentially even the breakaway region of Transnistria; Transnistria is a breakaway state that has declared allegiance with Russia however is internationally recognized as part of Moldova. Of course, any incursions into Moldova would be a significant escalation in the war, and while these objectives have been outlined by the Russian Ministry of Defence, it’s unclear if Russia has the capacity to conduct such an operation. 

From a cyber perspective, it’s realistically possible that nation-state associated cyber attacks will escalate as the conflict continues. Recent reporting has highlighted a renewed attempt to use the “Industroyer” malware, which previously had been used to great effect in disabling power across Kyiv in 2016. Targeting critical national infrastructure might become more common as a medium for producing pressure on the Ukrainian government. It should be stated that advanced cyber operations are by nature difficult to detect; it is realistically possible that such preparation for such activity is taking place right now, however will not become clear until the following months. We’ve previously reported on hacktivism, which is likely to continue its revival as the conflict continues. From a cybercriminal perspective, while at present it appears that the majority of ransomware activity is staying well clear of the conflict, that could change quickly. 

The conflict is a highly dynamic environment and subject to rapid changes. It’s difficult to predict exactly what will happen next, so staying on top of current events and threats is as important now as ever. Digital Shadows (now ReliaQuest) has been closely monitoring cyber threats associated with the Russia/Ukraine conflict. For more Digital Shadows (now ReliaQuest) intelligence on events in Ukraine and Russia, please visit: