Wartime cyber-espionage has become a key tool in the conflict between Russia and Ukraine, marking a new chapter in the realm of modern warfare. But what do Russia’s techniques look like in practice?
Sergio Delgado / Escudo Digital
Russian cyber operations have been a key component of Moscow’s military strategy, combining espionage, sabotage and disinformation tactics to weaken Ukraine and undermine the security and stability of its Western allies.
This conflict has demonstrated how cyberspace has become a new battleground, where the boundaries between conventional and digital warfare are increasingly blurred.
The historical context of Russian cyber espionage
Russia’s use of cyberattacks is not a new phenomenon. Since the 2007 attack on Estonia, the Kremlin has honed its skills in cyber espionage and cyber operations, using a combination of state and non-state actors, including agencies such as the GRU (military intelligence service) and Moscow-linked hacker groups such as APT28 (Fancy Bear) and Sandworm.
The annexation of Crimea in 2014 was another milestone in the deployment of cyber attacks aimed at destabilising the Ukrainian government, crippling key infrastructure and sowing chaos.
However, since the start of the full-scale invasion of Ukraine in February 2022, the scope and sophistication of Russian cyber operations have reached a new level.
Russia has not only intensified its cyber attacks against Ukrainian targets, but has also sought to obtain crucial information from Western governments, militaries and companies that support Ukraine. The main goal of these attacks is to gather intelligence on military strategies, economic sanctions and defence capabilities.
Russian cyber-espionage strategies and targets
Russian cyber-espionage has focused on several key areas. First, Ukraine’s government and military networks have been constant targets of intrusion attempts.
Through sophisticated phishing attacks, malware and exploitation of vulnerabilities, Russian hackers have tried to gain access to sensitive information on troop movements, defence strategies and internal Ukrainian military communications.
Another crucial target has been Ukraine’s critical infrastructure. Throughout the conflict, Russia has launched cyber-attacks against sectors such as energy, telecommunications and transport. These attacks seek not only to cripple the country’s operational capacity, but also to sow chaos among the civilian population. A notable example is the cyberattack on the Ukrainian power grid in 2015, which left hundreds of thousands of people without electricity in the middle of winter. Although that attack occurred before the 2022 invasion, it was a harbinger of things to come.
In addition, Russian cyber espionage has spread to countries allied with Ukraine, particularly NATO and EU members. Russian intelligence services have targeted government agencies, defence companies and political entities to gather information on the military and financial support these countries provide to Ukraine. These attacks have attempted to compromise the security of sensitive data, including internal communications on the coordination of economic sanctions against Russia and the delivery of weaponry to Ukrainian forces.
Attack tools and tactics
Russia has used a wide range of cyber tools to carry out its espionage operations. One of the most common tactics is the use of phishing attacks, in which attackers send fake emails to trick victims into revealing their credentials or downloading malware. This method has been effective in penetrating government and corporate systems in Ukraine and other countries.
Malware has also played an important role in the Russian arsenal. Groups such as Sandworm have developed extremely sophisticated malware, such as Industroyer and NotPetya, which not only have the ability to steal information, but also to destroy data and entire systems. NotPetya, in particular, is one of the most devastating cyberattacks ever, affecting businesses and governments around the world in 2017, although its main target was Ukraine.
In addition, Russia has employed ‘botnets’, networks of compromised computers that can be used to carry out distributed denial-of-service (DDoS) attacks, which saturate servers and networks with malicious traffic until they stop working. These attacks have been used to disrupt telecommunications services and information dissemination in Ukraine, hampering the Ukrainian authorities’ ability to communicate with their population and coordinate their military efforts.
Disinformation and psychological warfare
Russian cyber-espionage is not just about stealing information. It also includes a strong component of disinformation and manipulation of public opinion. Russian hackers and troll farms have played an important role in spreading fake news and conspiracy theories, both inside Ukraine and in allied countries. These disinformation campaigns seek to undermine trust in governments, create divisions within society and manipulate perceptions of the conflict.
One of the clearest examples of this is the propagation of false narratives about the nature of the war in Ukraine. Russian state-controlled media and cyber operators have attempted to frame the invasion as a ‘special operation’ to liberate Ukraine from alleged fascist regimes or foreign interventions, despite overwhelming evidence of Russian aggression.
These campaigns have been directed at both Russian and international audiences, seeking to create confusion and dilute global condemnation of Moscow’s actions.
Response from Ukraine and the international community
Despite Russia’s efforts, Ukraine has developed a remarkable capacity to defend itself in cyberspace. With the support of Western allies and private technology companies, Ukraine has significantly improved its cyber security. Since the beginning of the conflict, companies such as Microsoft and Google have provided technical assistance to help Ukraine resist cyber attacks. In addition, the international community has stepped up its cooperation to detect and counter Russian cyber activities.
For their part, NATO countries and the European Union have strengthened their cyber defences and increased intelligence sharing to prevent future attacks. The conflict in Ukraine has served as an urgent reminder of the importance of protecting critical infrastructure and developing integrated international cyber defence strategies.
Russian cyber espionage in the war with Ukraine is a clear example of how cyberspace has become a key battleground in modern conflicts. Russian-led espionage, sabotage and disinformation operations seek not only to gain military advantage, but also to destabilise Ukraine and its allies.
The war in Ukraine is a reminder of the crucial importance of cybersecurity in the 21st century, and of the need for a coordinated international response to address this new form of conflict.
Sergio Delgado Martorell
Journalist
Specialist in digital marketing as a documentary filmmaker with extensive experience. He has worked in television, radio, magazines and web portals, where he has produced reports, articles, interviews and advertorials, and has managed the communication of companies. Specialised in technology, cybersecurity and innovation, and interested in stories worth telling.