
Cyber Warfare: Ukraine as a battleground for digital security

  • Writer: Matthew Parish


Since the onset of Russia’s war against Ukraine in 2014—and particularly since the full-scale invasion of 2022—Ukraine has become a proving ground for 21st-century cyber warfare. It is a conflict not only of missiles and tanks but of malware, data, and digital disruption. What began as targeted cyber attacks against infrastructure has escalated into a sustained campaign of cyber sabotage, psychological operations, and global cyber defence collaboration. Ukraine’s cyber war is now inseparable from her physical war, and the world is watching closely as the country both suffers and innovates under pressure.


Here we explore the major cyber warfare campaigns mounted by both Russia and Ukraine, the role of international allies and private tech companies, and the broader implications of this digital battleground for global cybersecurity, democratic resilience, and civil society.


Precedents and Evolution of Russia’s Cyber Doctrine


Even before the tanks rolled across Ukraine’s borders, Russia had honed her cyber warfare capabilities on Ukrainian soil. Since the annexation of Crimea in 2014, Ukraine has faced some of the most aggressive cyber operations ever documented.


1. The 2015 and 2016 Power Grid Attacks


In 2015, Russian hackers—identified as the Sandworm group linked to Russia’s GRU (military intelligence operations)—executed a groundbreaking cyber attack on Ukraine’s power grid, leaving more than 230,000 people without electricity in mid-winter. The attackers used the BlackEnergy trojan (malware that disguises itself as a normal programme, encouraging users to download it) to gain initial access and then the KillDisk wiper to erase critical system files. KillDisk rendered infected computers unbootable, effectively paralysing IT infrastructure.


A year later, a more advanced piece of malware known as Industroyer (or CrashOverride) struck Kyiv’s electricity grid. Industroyer was notable for its modular structure and its ability to interact directly with industrial control systems (ICS), manipulating protocols such as IEC 101 and IEC 104 (widely used international standards for electronic control and protection in electrical power systems, particularly for communications between substations and control centres). This sophistication marked it as the first piece of malware specifically tailored to attack electrical substations.


2. NotPetya (2017)


Perhaps the most infamous example of cyber warfare in Ukraine was the 2017 NotPetya malware attack. Although it masqueraded as ransomware, its true purpose was data destruction. Distributed through a compromised update to the commonly used MeDoc accounting software, NotPetya used the EternalBlue and EternalRomance exploits to spread laterally across networks. These exploits were originally developed by the US National Security Agency (NSA) and leaked by the Shadow Brokers group; they exploited vulnerabilities in Microsoft Windows and Windows servers that allowed the hacker to gain access to any number of computers in a network. NotPetya disabled systems by overwriting the Master Boot Record (MBR), which tells computers what to do when they are started or restarted, and by encrypting the file table, causing irreversible damage. Global damage exceeded $10 billion.


Cyber Operations During the 2022 Full-Scale Invasion


The 2022 invasion intensified the cyber dimension of the conflict. Russia launched waves of digital attacks in coordination with kinetic strikes, aiming to degrade Ukraine’s government, communications and morale. However Ukraine, far more prepared than in 2014, mounted a remarkably effective set of defences.


1. Russian Attacks


  • WhisperGate (a malicious bootloader again exploiting vulnerabilities in Microsoft Windows, similar to NotPetya), discovered in January 2022, was designed to wipe data and disable systems. It overwrote the Master Boot Record with a ransom note but lacked recovery mechanisms (i.e. if you paid then the damage was not reversed), indicating its true destructive intent.


  • HermeticWiper (a fake digital certificate also exploiting Microsoft vulnerabilities), used on 23 February 2022, targeted hundreds of Ukrainian systems in government and financial institutions. It exploited vulnerabilities in drivers (software designed to control a computer's hardware) from EaseUS Partition Master (a commonly used piece of software to partition Windows-based hard drives) to corrupt disk partitions.


  • CaddyWiper, IsaacWiper, and FoxBlade (as reported by Microsoft), using other Microsoft vulnerabilities, emerged in subsequent months, each focusing on data destruction, espionage, or network disruption.


These attacks were often synchronised with missile strikes or military manoeuvres, suggesting a coordinated hybrid warfare strategy.


2. Ukrainian Cyber Defences and Counter-Offensives


Ukraine's defences benefited from years of institutional reform and foreign assistance:


  • Ukraine's State Service of Special Communications and Information Protection (SSSCIP) leads national coordination efforts.


  • Cybersecurity firms like ESET, Mandiant, and Recorded Future provide threat intelligence and forensic analysis.


  • Microsoft’s Threat Intelligence Center (MSTIC) and Google's Threat Analysis Group (TAG) offered real-time insights into Russian malware campaigns.


Ukraine also went on the offensive:


  • The decentralised IT Army of Ukraine has coordinated cyber attacks against Russian state media, banks and railways. Tools used ranged from coordinated DDoS (distributed denial of service attacks, using multiple computers to overload targeted servers with requests for information) to vulnerability scanning and simple social engineering (encouraging users of computers to hand over personal or log-in details voluntarily through fake websites and the like).


  • Ukrainian hackers have disrupted Russian logistics systems and themselves defaced propaganda websites, contributing to battlefield confusion and morale disruption.


Civilian Frontlines: Cyber War in Everyday Life


Unlike conventional warfare, cyber warfare permeates everyday civilian life, with both disruptive and empowering consequences.


1. Information Warfare and Disinformation


Russia’s strategy has included widespread disinformation campaigns. Social media platforms were flooded with:


  • Deepfake videos (e.g. a falsified surrender speech by Ukrainian President Zelenskyy).


  • Fake news websites and Telegram channels promoting Kremlin narratives.


  • Coordinated inauthentic behaviour using botnets (interconnected groups of computers performing DDoS attacks and sending spam, with a central command and control (C&C) centre) and troll farms (generating fake news websites and flooding social media with fake news).


Ukraine countered these efforts with:


  • Rapid official rebuttals.


  • Public awareness campaigns and crowdsourced fact-checking.


  • Strategic storytelling and viral messaging, including President Zelenskyy's daily video addresses.


2. Protecting Civilian Infrastructure


Cyber attacks against civilian targets—such as hospitals and emergency services—aimed to compound the chaos of missile strikes. However, robust cloud-based backups and offline redundancies (engineering systems so that redundant components are not used until the primary system fails, whereupon the redundant system takes over) have mitigated long-term damage. Cloud migration supported by AWS (Amazon Web Services, an Amazon subsidiary offering a cloud computing platform), Microsoft Azure and Google Cloud (similar services) ensured data resilience and business continuity.


Global Cooperation and Cybersecurity Lessons


Ukraine’s digital resilience has been enabled by a broad coalition of state and non-state actors:


  • Tech Giants as Strategic Actors:


    • Microsoft has issued more than 200 cyber threat intelligence bulletins in response to Russian cyber threats.


    • Google has provided software called Project Shield for DDoS protection.


    • SpaceX’s Starlink has ensured internet access in combat zones, using thousands of terminals.


  • Western Intelligence and Coordination:


    • US Cyber Command, NATO’s CCDCOE (the Coordinated Cyber Defence Centre of Excellence) and national CERTs (Computer Emergency Response Teams) have offered rapid-response expertise.


  • Legal and Normative Responses:


Strategic Implications and the Future of Digital Sovereignty


1. Deterrence and Escalation


Cyber warfare allows weaker actors to impose asymmetric costs. However, the covert nature of cyber attacks raises risks of misattribution and escalation. The destruction caused by NotPetya underscores the potential for global spillover.


2. Hybrid Warfare Integration


Ukraine’s war is the prototype for a new hybrid model where drones, cyber weapons, and electronic warfare are fused with conventional operations. The successful integration of Starlink and battlefield intelligence apps (like Delta, which provides constantly updated monitoring and reporting of cyber security threats) shows how cyber and kinetic (battlefield) realms now co-evolve.


3. Digital Sovereignty and Future Capacity


Ukraine is accelerating efforts to build indigenous cybersecurity capacity:


  • Developing local encryption tools.


  • Training cyber professionals via NATO partnerships.


  • Building "cyber ranges" (systems that integrate computers for a realistic and controlled environment for cyber security training, testing and research - see in particular the White Paper from the European Cyber Security Organisation) for offensive and defensive drills.


Conclusion: A Digital Bastion Under Siege


Ukraine is not merely a theatre of conventional warfare—it is the frontline of global digital security. The cyber war being waged across its servers, networks, and users is redefining how nations think about sovereignty, resilience, and defence. From protecting hospitals to disabling enemy logistics systems, from defending elections to refuting propaganda, Ukraine has emerged as both a target and a teacher in the era of cyber conflict.


As Russia continues her physical and digital assault, Ukraine’s experience offers vital lessons for democracies worldwide. In an age where code can kill and firewalls can save lives, cyber warfare is not a secondary domain—it is a central front in the struggle for freedom, stability, and security.

 
 

Copyright (c) Lviv Herald 2024-25. All rights reserved.  Accredited by the Armed Forces of Ukraine after approval by the State Security Service of Ukraine.
