From the outset of the conflict on February 22, 2022, Ukraine's key digital infrastructure was paralyzed, severely hampering the country's defense capabilities and facilitating Russia's advance into its territory. This combination of physical and digital attacks demonstrated the extent to which a hybrid attack of this type could have a tenfold increase in striking power.
That is why we can now take stock of the use of cyber weapons in order to analyze the impact of digital weapons on this battlefield, which is sadly notorious for its violence. This analysis is all the more relevant given that cyberspace, like kinetic space, is now increasingly threatened by a number of malicious actors.
This analysis is structured around three main themes: first, contextualizing cyberspace within the framework of the Russian-Ukrainian conflict. The aim here is to highlight the place of both states in the digital landscape, their uses, and therefore why the latter is so important in this war. The second part gets to the heart of the matter, analyzing the impact of cyber weapons on Ukraine's infrastructure. Finally, the third part takes an international perspective, particularly given the involvement of many of Ukraine's allies.
I – Context and history of cyberspace on the Russian-Ukrainian battlefield
"In Ukraine, cyberwarfare has indeed taken place," declared Lieutenant General Aymeric BONNEMAISON, commander of French Cyber Defense (COMCYBER) in December20221. This statement is reminiscent of Russia's recurring use of cyber weapons over many years. As early as 2008, during the Russian-Georgian conflict, Georgian government websites were the target of massiveDDoS attacks. The same was true at the start of the Russian-Ukrainian conflict in Donbass in 2015, when Black Energy, CrashOverride, and Triton malware were used against Ukrainian infrastructure. In this regard, the then Minister of the Armed Forces, Florence Parly, declared at the 2021 InCyber Forum that there was "a cold war incyberspace."
However, what makes these Russian cyberattacks unique is that they are not directly claimed by the state itself, but by parastatal groups officially acting as hacktivists in the service ofRussia. Although indirect links between these groups and the Kremlin have been demonstrated, this tactic allows Russia to hide in a geopolitical gray area that enables it to avoid official involvement in cyberattacks of this magnitude.
These various acts of violence thus introduce the concept of state sponsorship, referring to the unofficial material and/or financial support provided by certain governments to terrorist groups against states considered to be rivals or enemies.
On the Ukrainian side, digital resistance was organized from the outset of the Russian invasion, notably with massive assistance from the private sector and allied countries. On the one hand, Ukrainian IT professionals immediately mobilized to plug the numerous gaps in the country's public information systems (IS). On the other hand, Ukraine was able to count on massive support from Western companies and governments. In addition to the assistance provided by Elon Musk's company Starlink, a telecommunications network enabling Ukrainian troops to stay in contact, Microsoft also called on its best experts to counter the numerous cyberattacks launched by Russia and itsassociated groups.
Finally, a last initiative launched by the Ukrainian government itself has been very successful: the IT Army. In addition to countering cyberattacks on Ukrainian information systems, this collective of Ukrainian and foreign cyberwarriors retaliates by directly attacking the information systems of Russian companies and their allies. Among their main achievements is the attack on Russian internet providers, depriving large cities such as St. Petersburg and Moscow, as well as more isolated areas, of internet access. Similarly, the group claims responsibility for disabling the Russian payment system Evotor a few days before New Year's Eve, which prevented local consumers from paying by credit card in small shops and markets, causingsignificant economic losses.
This mobilization of both private and public actors has led to a drastic reduction in cyberattacks considered "critical," with the number falling from 431 in the first half of 2022 to three in the first halfof 20249.
II – Developments on the Russian-Ukrainian cyber front
Before analyzing developments on the Russian-Ukrainian cyber front, we must ask ourselves the following question: when did this front really begin? Although cyberattacks against Ukraine were indeed launched in 2014 and 2022 at the same time as the physical invasion of the territory, the observation and penetration phases of the affected information systems had begun much earlier. During the invasion of Donbass in 2014, the Sandworm espionage campaign run by Russian groups had probably begun in 2009, exploiting azero-day vulnerability.
Regarding the 2022 invasion, reconnaissance of infrastructure viaOSINT11 by the Russian military had identified Ukrainian infrastructure that was subsequently attacked. In both scenarios, the same attack framework was used: the Cyber Kill Chain. This is a multi-phase attack process that optimizes the impact on a given infrastructure.
Source: varonis.com
Although Ukrainian infrastructure was severely affected in the early days of the Russian invasion, a massive mobilization effort quickly limited the impact on information systems and enabled a response. This "cyber resistance" is the result of successful collaboration between various private and public actors, Ukrainian and foreign citizens, and military support.
This solidarity from around the world has also led to the conflict being exported to Ukraine's allies, particularly in Europe, in the cyber sphere. This aspect is addressed in the third point of this analysis.
III – International impacts
While Ukrainian IT systems have been massively impacted by Russian cyberattacks, allied countries have also suffered numerous cyberattacks from Russia and its parastatal groups. Some time ago, the Polish Minister for Digital Affairs declared: "Poland is at digital war." As the country most affected by cyberattacks in 2024, more than 100,000 high-risk incidents were handled by thepublic authorities. Although Russia's involvement in these cyberattacks has not been officially confirmed by the Kremlin, initial research carried out by CERT Poland seems to attribute the origins of these cyberattacks to the East. This theory is all the more plausible given Poland's proximity to Ukraine, the significant aid it has provided to the country since the beginning of the conflict, and its tumultuous history with Russia throughout the ages.
Recently in France, numerous cyberattacks have been attributed to the adversarial modus operandi (MOA) Fancy Bear, better known asAPT2813. Although this MOA has been active since at least 2004, its use by Russian intelligence services has accelerated in recent years, particularly since the start of theRussian-Ukrainian conflict.
Cyber weapons are therefore now one of the main areas of focus in the conflict between Ukraine and Russia. Since the invasion began in February 2022, cyberspace has been the scene of numerous abuses, ranging from the destabilization of critical infrastructure to hacktivist actions of all kinds and cyber influence operations.
Similarly, cyberspace involves other countries allied with Russia or Ukraine in this conflict. Countries such as France and Poland, known for their full support of the Ukrainian state, have suffered numerous cyberattacks from groups directly or indirectly linked to the Kremlin.
With peace negotiations currently underway between the two antagonistic countries under the auspices of the United States, it would be relevant to study developments in the conflict in cyberspace. Indeed, the lines are likely to continue to shift, more so than on the terrestrial battlefield.
[1] https://www.assemblee-nationale.fr/dyn/16/comptes-rendus/cion_def/l16cion_def2223027_compte-rendu.pdf
[2] https://www.liberation.fr/planete/2008/08/13/la-russie-mene-aussi-une-cyber-guerre-contre-la-georgie_16962/
[3] https://www.vie-publique.fr/discours/281487-florence-parly-08092021-cybersecurite
[4] https://www.portail-ie.fr/univers/risques-et-gouvernance-cyber/2023/quand-hacking-et-militantisme-se-rencontrent-bienvenue-chez-les-hacktivistes/
[5] https://www.francetvinfo.fr/monde/europe/manifestations-en-ukraine/il-faut-se-battre-chaque-jour-pour-sa-survie-dans-les-tranchees-numeriques-de-la-cyberguerre-de-la-russie-contre-l-ukraine_7080162.html
[6] https://blogs.microsoft.com/on-the-issues/2022/04/27/hybrid-war-ukraine-russia-cyberattacks/
[7] https://www.liberation.fr/international/europe/lit-army-of-ukraine-larmee-numerique-qui-brouille-linternet-russe-20230214_VZAOH6DNYZEUJMB34HJSI65IHY/
[8] https://incyber.org/article/oleksander-cyber-combattant-de-lit-army-ukrainienne-cest-la-premiere-guerre-ou-la-composante-cyber-est-si-importante/
[9] https://www.francetvinfo.fr/monde/europe/manifestations-en-ukraine/il-faut-se-battre-chaque-jour-pour-sa-survie-dans-les-tranchees-numeriques-de-la-cyberguerre-de-la-russie-contre-l-ukraine_7080162.html
[10] https://www.wired.com/2014/10/russian-sandworm-hack-isight/
[11] Open Source Intelligence
[12] https://www.lefigaro.fr/international/une-guerre-numerique-la-pologne-sous-le-feu-des-cyberattaques-russes-20250422
[13]https://www.diplomatie.gouv.fr/fr/dossiers-pays/russie/evenements/evenements-de-l-annee-2025/article/russie-attribution-de-cyberattaques-contre-la-france-au-service-de
[14] https://www.cert.ssi.gouv.fr/uploads/CERTFR-2025-CTI-006.pdf
