The Clash Within: Competition, Rivalry, and the Lack of Integration between Operational and Technical Levels

Research output: Contribution to journalArticlepeer-review


Our current study is an ongoing, descriptive analysis exploring the complexities of Offensive
Cyber Operations (OCO), particularly in light of the recent Russian-Ukrainian conflict that began in 2022. This conflict has notably highlighted an escalation in Russian cyber capabilities. While OCOs have evidently played a role in this context, academic research points to a relatively limited "spillover effect." This study seeks to further investigate and understand this limited spillover. Our primary focus is to examine the lack of collaborative efforts among Advanced Persistent Threats (APT) groups associated with various Russian intelligence agencies, specifically the GRU, SVR, and FSB. By analysing the extent of operational and technical integration among these agencies, we aim to identify factors that may encourage or hinder greater cooperation. Preliminary findings suggest that internal competition and historical disparities among the GRU, SVR, and FSB may have impeded effective coordination in their cyber operations. This study posits that such lack of coordination at both operational and technical levels could potentially reduce the effectiveness of their cyberattacks and increase the likelihood of detection. As we continue our research, we aim to delve deeper into the implications of this internal rivalry and its impact on the development of technical infrastructure for Russia-affiliated APT groups. The findings are anticipated to shed light on the reasons behind the less effective nature of cyber-attacks in this scenario. This exploration into the competitive dynamics and historical nuances of Russian intelligence agencies is crucial for a comprehensive understanding of the broader landscape of cyber operations. We present this paper as a work in progress, hoping to contribute to the ongoing discourse in this field.
Original languageEnglish
JournalJournal of Cybersecurity
Publication statusSubmitted - 13 May 2024

Cite this