In 2022, before the outbreak of the full-scale war in Ukraine, many analysts feared the possibility of a Russian “Bitskrieg”: overwhelming cyberattacks directed at Kyiv’s command and control systems and critical infrastructure that would facilitate a ground invasion by plunging Ukraine into darkness. The leading entities behind these kinds of operations are advanced persistent threat (APT) groups: experienced and well-funded cyberspace actors, often enjoying State sponsorship. Russia employs a number of these under the direction of its intelligence services, which are already known for cyberattacks such as the 2015 breakdown of the Ukrainian energy grid and the 2020 SolarWinds data breach. This research aims to understand their role within the Russian doctrine of “information confrontation” (or IPb), a comprehensive approach that utilises cyberattacks to achieve political, economic, and military objectives during both peacetime and wartime. While a rich body of technical research exists on APT groups, as well as on the risk they pose at a geopolitical level, few analyses exist on the integration between these units and doctrinal developments in various States. The research addresses this gap by reviewing the works of Russian military theorists and analysts on IPb and assessing the role of APTs through a qualitative case study analysis of three examples: the 2015 attack on the Ukrainian energy grid, the 2020 data breach of the SolarWinds supply chain, and the APT campaigns in the war in Ukraine. The research offers the following conclusions: i) APT groups are the prime operators of IPb in the cyber domain, as opposed to other, more loosely coordinated actors such as patriotic hackers; they indeed show consistent alignment with Russian strategic objectives and aims; ii) APT operations achieve tactical gains rather than strategic outcomes, with even sophisticated attacks proving limited against prepared adversaries with resilient infrastructure.
By providing a doctrine-to-deployment analysis of APT units within IPb, this research clarifies a lesser-known aspect of cyber warfare: the operational role of State-sponsored APTs under Russian command.
Published in: International Conference on Cyber Warfare and Security
Volume 21, Issue 1, pp. 643-650