
What the Ukraine Crisis Means for Cyber Warfare


While Russia’s invasion of Ukraine rapidly unfolds, we sat down with Omree Wechsler, a senior researcher in TAU’s Yuval Ne’eman Workshop for Science, Technology and Security, to discuss the cyber security aspects of the conflict in Ukraine.

Omree, Ukraine’s vice prime minister recently said the country had launched an ‘IT army’ to combat Russia in cyberspace. How would you assess Ukraine’s cyber capabilities? 

Several attempts were actually made to assess the national cyber power of states; however, Ukraine was not among them due to the lack of data. While the research community is still in the dark about Ukraine’s cyberspace capabilities, we can assume that due to the fact that Ukraine was targeted by Russian cyberattacks ever since the annexation of Crimea, their cyber defense teams should be highly experienced.

The Ukrainian government has called upon the country’s hacking community to help protect their infrastructure, conduct espionage and disruptive activities against Russian forces. In addition, certain international hacking collectives (such as Anonymous) declared that they would act against Russian targets.

Screenshot from a popular St. Petersburg news outlet (https://www.fontanka.ru/): On February 28, several Russian news sites were attacked, warning readers not to “send their sons and husbands to certain death.” Anonymous claimed responsibility.

 


The official website of the Kremlin, the office of Russian President Vladimir Putin, kremlin.ru, crashed a few days ago (it is still down at the time of writing). Who is behind this attack?

The kind of attack we see on Russian official websites is called a ‘Denial of Service’ cyberattack (or DDoS). It’s a relatively easy task, and does not require sophisticated cyber expertise. Looking at past cyberattacks that were attributed to Western governments, mostly the U.S. Cyber Command, it does not seem that this is an instance of Western retaliation (Western cyberattacks would in theory look more like disabling military systems and so on), but rather the work of “hacktivists” – hackers who employ their capabilities as part of their social/political agenda. It could also be the work of Ukrainian hackers who took advantage of the opportunity to hit some symbolic target.

The power is no longer reserved for the state, then?

That’s correct. There are many other actors with access to cyber capabilities of varying complexity. However, advanced capabilities require means, such as money and expertise. Therefore, the most capable threat actor in this regard remains the state. It is also important to mention that cyber capabilities render factors such as population and geographic size, that are essential for conventional military might, obsolete.

I think that in the current conflict, international hackers or hacktivists could mostly embarrass the Russian government and cause some disruptions. One way that international hackers could cause damage to Russian targets is by ransomware attacks that encrypt data thus making it unreadable to the systems that use it. Another may include leaking highly sensitive or classified data that will be used by more sophisticated groups for more sophisticated attacks. However, the damage they can cause is usually limited compared to the capabilities of Western governments. 

 

The Russian invasion disrupted Ukraine’s internet connectivity, but the country has successfully mobilized public opinion with the help of social networks, and its Vice Prime Minister Mykhailo Fedorov asked billionaire Elon Musk through Twitter to make available his company’s Starlink satellite broadband service in Ukraine. Musk delivered.

What type of cyber operations have been employed in this conflict? 

Before the military attacks, the Russians also used DDoS attacks and flooded Ukrainian government and banking websites. Other attacks employed so-called ‘wipers’, a malware that deletes data and renders computers unusable. There are plenty of tools in the cyber toolbox.

What were the Russian objectives of the cyberattacks? 

In January, some experts argued that the attacks’ objective was to steal information relevant to an upcoming invasion. DDoS attacks may have been used for diversion, while the wiper attacks prevented the Ukrainian government from quickly recovering by deleting data and preventing machines from booting.

The Russians also did their best to wreak fear and doubt among Ukrainian citizens and to embarrass the Ukrainian government. These attacks were accompanied with a constant disinformation campaign including reports on Ukrainian aggression in Eastern Ukraine.

Did it work?

There is no evidence that the attacks destabilized the public support for the Ukrainian government, inside Ukraine or abroad. It may seem that some of the Russian disinformation was also directed at local Russian citizens in order to increase support for the attack. There is still no indication that it worked, as reports on Russian soldiers that have been compelled to invade Ukraine are coming in.

 

Omree Wechsler

Should we expect more cyberattacks from Russia? 

I believe Russian aggression in cyberspace will continue, in order to support its military operations. Cyberattacks that cripple the electric grid, water systems and other critical infrastructure are even more possible, given the fact that many critical systems in Ukraine use Russian technologies and software. A prime example is Ukraine’s electrical grid, which was built during Soviet times. It is very likely that many more malware infections are lying dormant in Ukrainian systems, ready to be deployed.

Russian threat actors will likely direct their cyber efforts against NATO and EU member states as well, in retaliation for supporting Ukraine and announcing sanctions. In fact, banks, critical infrastructure operators, government and public administration agencies in Europe and in the U.S. have been on alert for a while. Earlier this month, oil and fuel supply companies in Germany, the Netherlands and Belgium were hit by ransomware and forced to work in limited capacity. These attacks were attributed to a Russian-speaking group named ‘BlackCat,’ and, given that all these countries have in common that they are NATO member states that agreed to send troops and aircraft to countries surrounding Ukraine, it is difficult to decouple the attacks from the crisis in Ukraine.

Will the West remain idle? 

Apart from sanctions, it is possible that the West will employ cyberattacks. According to reports, U.S. President Joe Biden was presented with various options to carry out cyberattacks aimed at disrupting the Russian invasion. The UK Defense Secretary, Ben Wallace, stated that the UK may launch cyberattacks on Russia if it targets the UK networks. However, given their sensitive position, Western responses in cyberspace are likely to be limited and reactive. It really depends on the purposes and gains they wish to achieve.

Theoreticians have long tried to define how cyberattack operations can be utilized amid political and military conflicts, and whether they stand on their own or support conventional military operations. The Russian invasion of Ukraine and the months preceding, therefore, are bound to be investigated as case studies necessary to understand the nature of cyberwarfare operations.
