Russian Presidential Election: Cyber Threat Considerations

The first round of the 2024 Russian presidential elections is scheduled to occur from the 15th – 17th March with a possible second round in April. This will be the first presidential election to occur following the 2020 constitutional amendments that annulled the count of consecutive presidential term.  

With continuing economic sanctions resulting from the ongoing Ukrainian conflict, it has been assessed to be highly likely that the economy and the invasion will be key driving points for voters. However, intelligence indicates that the election will have little impact with regards to resolving the war against Ukraine. 

Based on these unstable conditions, the election will likely provide motivation for Russian-aligned hacktivists to launch DDoS operations to propagate sentiment in solidarity with Moscow. 

There are three key trends we’ve observed in the run-up to this election. Firstly, hacktivism has emerged as a staple within the context of ongoing geopolitical tensions, with threat actors applying disruptive efforts to influence perceptions without intending serious harm. Secondly, the surge in hacktivist operations targets nations based on their geopolitical stance and support for Ukraine, resulting in a complex digital battleground. Thirdly, analysis of attacks has revealed a nuanced landscape of “proportionate” and “disproportionate” hacktivist targeting in alignment with Israeli support, indicating the strategic motivations behind cyber campaigns. 

Recent Developments 

The run up to the election has already been reported to have coincided with Russia’s election systems are reportedly being targeted by cyberattacks, according to local authorities. A Russian official from the Ministry of Foreign Affairs recently announced that Western-based cyber threat actors have initiated an interference campaign directed at the Russian election infrastructure. 

The Russian National Computer Incident Coordination Center (CERT) has also issued a warning to online voters about the danger of surging threats, stating that cybercriminals will attempt to discredit the election, stir up social tension, spread fake news and infect online voters with malware. 

This was followed by Russia’s foreign intelligence service stating that the U.S. has attempted to interfere with Russia’s election by launching a cyberattack on its online voting system, an accusation that a White House National Security Council spokesperson denied. 

Hacktivist threat landscape 

The hacktivism landscape has developed dramatically in recent times, intensified by recent geopolitical conflicts, such as the ongoing Russia-Ukraine conflict. With kinetic warfare engagements increasingly permeating the cyber domain, there is a realistic possibility that both Russia and Ukraine-aligned hacktivism efforts will surge throughout this period in support of both states. 

Impacted sectors 

Cyberspace will almost certainly continue to exist as a second front for the Russia-Ukraine conflict. It is highly likely that hacktivist targeting will involve Russia-aligned cyber actors concentrating efforts against NATO-supporting states. Their aggressive approach will focus on the government, defence, and energy sectors in retaliation to ongoing sanctions. 

The Russia-aligned NoName(057) hacktivist group is worthy of a special mention as they have emerged as a substantial threat to the sectors mentioned above. NoName(057) offensive efforts, involving their modus operandi of distributed denial-of-service (DDoS) attacks, will likely be launched with greater volume than usual on throughout the election period and beyond, with the objective of protesting against opposing government policies and disrupting the critical national infrastructure (CNI) of states perceived to be in opposition to their sociopolitical ideology. 

Mitigation strategies 

With the potential for hacktivism efforts to spill over into both public and private sector businesses in the West, it is strongly recommended that the following mitigation strategies are enforced to bolster the security posture organisations against disruptive hacktivist efforts: 

• DDoS Mitigation: Apply DDoS mitigation solutions to combat sudden network traffic surges. These can include load balancing, traffic filtering, and content delivery networks to ensure company services remain accessible during attacks. 
• Attack Surface Management: Update and secure company assets, emphasising websites which are the primary target for web defacement and DDoS attacks. Implement strong authentication protocols, such as multi-factor authentication (MFA), and monitor internet-facing assets for unauthorised access. 
• Data Protection: Safeguard sensitive data with encryption, access controls, and regular security audits.  
• Employee Training: Train employees to detect markers of social engineering tactics to raise awareness and reduce the risk of hacktivist efforts. 

Outlook 

It is highly likely that hacktivist operations will continue to surge in 2024, in alignment with key issues such as the ongoing conflict between Moscow and Kyiv. Nation states will likely attempt to leverage these campaigns as they provide plausible deniability and the potential for disruption. Furthermore, the resurgence of DDoS-for-hire services will likely enhance hacktivist efforts in 2024 as access to more powerful tooling becomes more readily available.  

With the UK-based International Institute for Strategic Studies recently estimating that Russia could sustain its warfare efforts for an additional two to three years, Moscow-aligned cyber operations will likely escalate beyond the election period in alignment with the continually fracturing geopolitical landscape. 

For further details, you can refer to the Quorum Cyber Threat Intelligence Outlook 2024 report which provides a comprehensive breakdown on which offensive cyber operations will likely coincide with numerous major global events scheduled for 2024, such as presidential and national elections, as well as the Olympic Games in Paris.