Gelati, E., Martino, L. (2026). Doctrine-to-Deployment: Role of Advanced Persistent Threats in Russia’s Information Confrontation Doctrine [10.34190/iccws.21.1.4411].

Doctrine-to-Deployment: Role of Advanced Persistent Threats in Russia’s Information Confrontation Doctrine

Luigi Martino
Second
2026

Abstract

In 2022, before the invasion of Ukraine, many analysts feared the possibility of Russian cyberattacks overwhelming Kyiv’s command and control systems and critical infrastructures, plunging Ukraine into darkness and facilitating a ground invasion. The leading entities behind these operations are advanced persistent threat groups: experienced, well-funded cyberspace actors often enjoying State sponsorship. Russian-sponsored APTs are already known for impactful cyberattacks such as the 2015 disruption of the Ukrainian energy grid, and are employed under the direction of the Russian intelligence services. Analysed through the lens of offensive realism, cyberspace appears as a domain of persistent competition among great powers. What this school of thought also posits is that while not revolutionary, cyberattacks can be used for tactical advantages. This stands in contrast with the expectations set by the Russian doctrine of “information confrontation” (or IPb), a comprehensive approach that utilises cyberattacks to achieve political, economic, and military objectives during both peacetime and wartime, with significant investments in APT groups and operations. This research analyses this “doctrine-to-deployment” gap in the role of APT groups within IPb through an offensive realist theoretical lens. It does so by analysing three case-studies of Russian APT operations using a “structured, focused” comparison methodology. These include the 2015 attack on the Ukrainian energy grid, the 2020 data breach on the SolarWinds supply chain and the APT campaigns in the war in Ukraine. By providing a doctrine-to-deployment analysis of APT units within IPb, this research clarifies a lesser-known aspect of cyber warfare: the role of State-sponsored APTs under Russian command.
The results indicate that these operations, albeit aligned with State strategic objectives and the doctrine of IPb, do fall short of strategic gains, functioning more as tactical instruments of persistent warfare across wartime and peacetime. In this, the article contributes to the literature by clarifying how APTs function within IPb, bridging Russian military doctrine with international relations theory.
2026
Proceedings of the 21st International Conference on Cyber Warfare and Security (ICCWS 2026), pp. 643-650
Gelati, Elia; Martino, Luigi
Use this identifier to cite or link to this document: https://hdl.handle.net/11585/1051736