As we mark the third anniversary of the Russian invasion of Ukraine in February 2022, it’s important to reflect on the profound impact this conflict has had on the global cyber security landscape. The conflict has not only reshaped geopolitical dynamics but has also significantly influenced the nature and frequency of cyber threats, cyber crime, operational technology (OT) attacks, and hacktivism.
In the early stages of the conflict, we observed a disruption in cyber extortion operations by actors based in the region, as the chaos of war created instability for these criminal enterprises as much as for ordinary citizens. However, as the situation stabilised, cyber extortion surged once again, with actors bouncing back to new levels of activity. The Security Navigator 2025 report highlights that while growth in cyber extortion incidents has since “stabilised,” the tactics employed by cyber criminals have evolved, for example with AI tools being used to enhance attackers’ operational efficiency and make it relatively easy to produce phishing and other social engineering techniques.
The conflict has also catalysed a rise in targeted cyber threats against critical infrastructure, particularly in Ukraine. The report emphasises that “focused Operational Technology (OT) threats” have surged, with state-sponsored actors leveraging cyber capabilities to disrupt essential services. Russian Advanced Persistent Threat (APT) groups like Sandworm have been linked to a number of destructive malware campaigns, including the deployment of ‘HermeticWiper’ and ‘CaddyWiper,’ which aim to erase critical data and disrupt operations within Ukrainian organisations. These attacks have been characterised by their sophistication and sometimes coordination with kinetic military operations, demonstrating a clear strategy to undermine Ukraine’s resilience.
Intelligence reports also detail the activities of the Gamaredon group, a Russian state-sponsored actor responsible for extensive cyber espionage campaigns against Ukrainian entities. This group has been active since 2014 and has been exceptionally busy of late, primarily targeting government systems to exfiltrate sensitive information. Its recent campaigns have involved spear-phishing attacks and the deployment of custom malware.
The hacktivist component
Hacktivism has also evolved dramatically and gained momentum in response to the conflict, with various groups taking sides and launching cyber operations to support their political agendas. The report notes that “subtle hacktivism” has become a significant concern, as these actors engage in disruptive activities that can further escalate tensions and complicate the security landscape. Pro-Ukrainian hacktivist groups, such as the IT Army of Ukraine, have mobilised to target Russian entities, while pro-Russian groups like Killnet have launched DDoS attacks against Western organisations. The scale of these operations has been unprecedented, with reports indicating that DDoS attacks targeting Ukrainian websites rose dramatically in the early months of the conflict.
The implications of hacktivism extend beyond mere disruption; they represent a new frontier in cyber conflict. The rise of pro-Russian hacktivism has introduced a layer of complexity to the conflict, as groups like Killnet and NoName057(16) have claimed responsibility for numerous attacks against perceived adversaries, including government institutions and private companies in NATO countries. These groups operate with a level of anonymity, making it challenging to attribute attacks and hold them accountable.
In this context, the concept of “cognitive attacks” has emerged as a significant concern. Cognitive attacks exacerbate the impact of DDoS and other technical attacks, and aim to manipulate public perception and sow discord through disinformation campaigns, often leveraging social media and other digital platforms. The Russian government has employed these tactics extensively, using state-sponsored actors to disseminate false narratives and undermine support for Ukraine, but a new generation of pro-establishment hacktivist actors is working from the same playbook. The Security Navigator highlights that “disinformation campaigns are designed to erode belief in establishments and create confusion among the populace,” making them a potent tool in modern cyber conflict.
As we reflect on the past three years, we acknowledge the resilience of the Ukrainian people and the international community’s response to the crisis. The lessons learned from this conflict serve as a reminder of the interconnectedness of our digital and physical worlds and the need for vigilance in the face of evolving threats.
The ongoing conflict in Ukraine has reshaped the cyber threat landscape. As we face another year characterised by conflict and uncertainty, we must remain committed to fostering a secure and resilient digital environment for all.
Charl Van Der Walt is head of security research at Orange Cyberdefense.