Cyber Warfare in Russo-Ukrainian War

At 3:02 on the morning of February 24, 2022, Russia launched a cyberattack on the American satellite company Viasat. Just one hour later, Russia began its full-scale invasion of Ukraine. The attack resulted in an immediate and significant loss of communication for the Ukrainian military, who relied on Viasat’s services for the command and control of Ukrainian armed forces. Russia used malware known as AcidRain, which erased large amounts of data from Viasat networks, effectively disabling these networks. This attack marked the sixth instance of Russia employing its hybrid war strategy, using cyber capabilities in tandem with conventional military forces against Ukraine.

The February 2022 Russian invasion of Ukraine occurred in conjunction with more than 800 cyberattacks against Ukrainian targets, which continued through the following month. The hybrid warfare strategy remains in use today, with Ukraine facing consistent bombardment from Russian cyber forces. 

Russia’s use of cyber capabilities against Ukraine is not a new phenomenon. Since the 2014 invasion of Crimea, Russia has volleyed Ukraine with cyberattacks ranging in scale and intended target. For example, the Russian state-sponsored group Sandworm launched the BlackEnergy campaign in 2015, which targeted Ukraine’s power generation and distribution infrastructure. 

Additionally, on June 27, 2017, a Russian cyberattack using the NotPetya malware targeted Ukrainian banks, airports, and energy companies. This attack spread to over 60 countries and cost $11 billion in damages, making it the most destructive malware ever deployed to this date. Tom Gol, the Chief Technology Officer for Research at the cybersecurity firm Armis, stated, “[NotPetya] demonstrated the potential for highly destructive malware to cause widespread economic and operational disruptions, posing significant risks to national security and global stability.” 

Cyberspace has proved to be another dimension of the international system far less regulated yet just as capable of sparking international conflict as kinetic warfare. Kinetic warfare “refers to missiles or other traditional types of weapon systems that physically engage targets, whereas non-kinetic tools can include cyber, electronic warfare and other means of attack.” Unlike kinetic warfare, cyber warfare is not constrained by geographic boundaries, meaning that physical distance no longer hinders the ability to attack. 

While some states have pushed to establish international cyber laws outlining appropriate cyber behavior, there remains constant malicious cyber activity from many state actors. China, Russia, North Korea, and Iran have each launched many cyberattacks and continue to infiltrate unauthorized systems through cyber espionage campaigns. There is currently no international enforcement mechanism for established international cyber law violations, and many states disregard the norms entirely. Russia’s extensive use of cyberattacks against Ukraine highlights the failure of these norms to deter aggressive state behavior in cyberspace.

Russia’s current cyber strategy focuses on disruption, with most of its capabilities utilized in Ukraine. A disruption-focused cyber strategy involves cyberattacks that interfere with a system's regular operation, causing it to become disabled, frozen, or locked. A disruption-focused strategy is opposed to an espionage-focused strategy, a highly sophisticated form of modern spying, where individuals, organizations, or governments use digital techniques to access confidential information without authorization. The Russian military has a specialized cyber unit of hackers that disrupts Ukrainian infrastructure. The Glavnoye Razvedyvatelnoye Upravleniye (GRU), or Main Intelligence Directorate - the shadowy Russian military intelligence agency - leads this unit. Additionally, multiple state-sponsored advanced persistent threat groups (APTs) conduct operations in the interest of the Russian state, Sandworm being a prominent example.

Russia has overwhelmingly targeted civilian infrastructure, using both kinetic and cyber capabilities, to disorient, demoralize, and disarm the popular and political will. On October 10, 2022, Sandworm coordinated a cyberattack on the Ukrainian power grid, causing a nationwide power outage that coincided with mass missile strikes on critical infrastructure across Ukraine. This attack deprived civilians of access to water, electricity, heat, and vital services. 

On December 12, 2023, Russia launched a cyberattack on Kyivstar, Ukraine’s biggest mobile network operator serving more than half of Ukraine’s population. The attack wiped data from nearly all systems, disabling about 40% of Kyivstar’s infrastructure. As a result, millions of people were unable to make or receive phone calls––which left them in danger of not receiving alerts of potential Russian air assaults. On the cyberattack, Kyivstar’s Chief Executive Officer Oleksandr Komarov remarked, “War is also happening in cyberspace. Unfortunately, we have been hit as a result.” These attacks illustrated the development of Russian cyber capabilities from previous attacks on Ukraine and its hybrid warfare strategy in Ukraine. They also highlighted Russia’s coordinated use of cyber and ground operations, prompting legal scrutiny over the applicability of the Geneva Convention’s protections for civilians to cyberattacks that disrupt essential services.

However, Russia’s civilian attacks have also highlighted the resiliency of the Ukrainian population. Rather than demoralizing the Ukrainian population, Russia’s attacks on civilian infrastructure have backfired, strengthening public resolve and reinforcing the will of the Ukrainian people to resist. Over the past decade, Ukraine has become a “burgeoning tech hub and a model of digital connectivity, e-governance, and cyber resilience—successes arguably necessitated and thus accelerated by Russia’s unrelenting cyber aggression.” Furthermore, Ukraine is known for its IT Army, a group of international and Ukrainian volunteer hackers working in collaboration with officials from Ukraine's defense ministry to target Russian infrastructure and websites. In short, Russia’s attempts to weaken the Ukrainian population and demoralize the country have instead generated the growth of a digitally empowered, united society that meets aggression with resilience and resolve.

Drone warfare in Ukraine blurs the lines of traditional warfare, with both sides using drones for surveillance, targeted strikes, and cyber operations. Recently, Ukraine has started embedding malware into its drones, allowing captured drones to infiltrate Russian computer systems and disclose the locations of the Russian drone operators who seized them. The malware disrupts Russian counter-drone technology, extending the timeframe for effective Ukrainian drone use before Russia employs its counter-drone technology. The use of drones in the Russo-Ukrainian War signals how actors are introducing innovative methods of warfare to the international system and how the nature of warfare itself is being reshaped. 

On March 23, 2025, Ukrzaliznytsia - the Ukrainian state railway and the country's largest cargo carrier - was targeted by a cyberattack that disrupted its ticketing systems and prevented customers from purchasing tickets. As of April 9, 2025, the railway giant had only restored half of its IT services affected by the March cyberattack. There has been no official attribution to Russia yet. However, an anonymous Ukrainian security official and a senior government official reported that the attack had likely come from Moscow. This attack also occurred concurrently with several phishing attacks on Ukrainian government agencies, which affected a number of employees.

While Western leaders were initially hesitant to provide military aid to Ukraine, they did not have the same reservations about cyber assistance. The North Atlantic Treaty Organization’s (NATO) Comprehensive Assistance Package for Ukraine includes a wide range of support, including helping Ukraine “strengthen its defence capabilities in…cyber defence, logistics, explosive ordnance disposal, military training and education, and countering hybrid threats like critical infrastructure sabotage and disinformation campaigns.” Additionally, the US deployed “Hunt Forward” teams in Ukraine, which search for malicious cyber activity to identify potential threats and mitigate harm from attacks.

Overall, Russian cyberattacks against Ukraine contribute little strategic value to Moscow’s war aims, often resulting in limited disruptions affecting the Ukrainian civilian population, who have proven resilient to such attacks. Russia increasingly coordinates cyber operations with kinetic attacks, highlighting a shift in how it integrates cyber capabilities into modern conflict. The Russo-Ukrainian War set a new standard of modern warfare by integrating cyber attacks into military strategy and raises questions about the future of modern conflict and global security.

Russia & FSUBy Mia CalleCyber, Cyber Norms, Cyber Attack, Cyber espionage, Russia, Russo-Ukrainian War, Viasat, AcidRain, NotPetya, BlackEnergy, Ukraine, GRU, Crimea, Hybrid Warfare, Cyber Warfare, Sandworm, China, North Korea, Iran, Disruption Campaign, Disinformation Campaign, Kyivstar, Ukrainian IT Army, Drone Warfare, Ukrzaliznytsia, Phishing Attacks, NATO, Comprehensive Assistance Package, Hunt Forward