Before the military invasion of Ukraine on Feb. 24, there were multiple cyber-attacks against the Ukrainian government and private sector, and as the war continues Russia may conduct more “destructive or disruptive cyber-attacks” against the government and various critical infrastructures and eventually could spread to Western and NATO countries depending on how long sanctions and other actions against Russia go on, the cybersecurity firm Mandiant [MNDT) warns in a new report.

Moreover, Russian-backed threat actors could also target entities that are condemning Russia for the war or backing Ukraine, Mandiant says in the March 4 threat intelligence report.

“We anticipate that Russia could conduct retaliatory actions, including additional destructive or disruptive cyber attacks, particularly against the government, financial services, and energy and utilities sectors,” the report says. “The nature and length of NATO and Western sanctions and responses likely will heavily influence Russia’s perception of high-priority targets for retaliation.”

The report assesses the cyber risks to the Ukrainian government and its various critical infrastructure sectors as high, and as moderate to high for the same sectors in the U.S., NATO and European Union.

At a minimum, in response to Western sanctions, Mandiant expects Russia to increase its cyber espionage efforts against Ukrainian government targets “to enhance decision advantage, and likely also conduct additional destructive or disruptive cyber attacks.”

The report highlights the financial sector outside of Ukraine as a likely target of cyber espionage related to information on Western sanctions and warns that disruptive and costly cyber-attacks against Ukraine’s financial sector could spread to neighboring countries.

The report also warns that “in extreme cases, Russia could choose to conduct disruptive or destructive activity against financial sector organizations outside of Ukraine.”

As for NATO countries, Mandiant also expects cyber espionage activities will continue, adding that some of Russia’s state-sponsored actors may have to shift their attention from the current activities to focus on Ukraine and NATO.

Russia also has the potential to attack energy targets if it believes the Western nations are escalating their response but do so in a way that doesn’t draw NATO “further into the conflict,” the report says. Russia could raise the cost of its gas it supplies to NATO countries and partners and it may also launch cyber-attacks against energy facilities in the Middle East, believing NATO won’t respond, it says.

“These two options could limit the likelihood of disruptive or destructive cyber attacks against NATO energy entities, as such operations are more likely to cause a significant escalatory response from NATO and the U.S.,” Mandiant says. “However, it increases the possibility that Russia could seek to conduct operations outside of NATO’s purview.”

While cyber criminals in Russia are typically left alone so long as they don’t target domestic interests, Mandiant says these groups could be coopted for used against NATO.