Russia-Ukraine Cyber War Is 'Test Ground' for NATO

As Ukrainian forces drive back Russian invaders, a largely unseen cyber war is raging as Moscow looks to regain momentum in the seven-month old war.

Ukrainian leaders who spoke with Newsweek said the country has become a "test ground" for new cyber weapons and tactics, noting that Kyiv's ongoing close cooperation with foreign partners offers NATO, the European Union, and others a rare opportunity to learn about Russian capabilities.

"We have de facto been at war with Russia for eight years already," State Service of Special Communications and Information Protection of Ukraine Chairman Yurii Shchyhol told Newsweek.

"All those years, Russia has been mounting cyberattacks on information systems in Ukraine, both public and private," Shchyhol said. "Ukraine has not only become a target of attacks, but also a test ground for modern cyber weapons."

Ukraine is well-versed in Russian cyber warfare, which has been a constant since Moscow's annexation of Crimea and invasion of eastern Ukraine in 2014.

The most infamous was the 2017 NotPetya malware attack, which destroyed almost 13,000 devices used by public institutions and spread to more than 50,000 systems in 65 countries. The total losses caused are estimated at more than $10 billion.

In January, as Russian forces were preparing to strike across the border, Ukraine experienced a widespread cyberattack on several government departments. A wide range of attacks have targeted sensitive government institutions, media companies, banking networks, and more since the invasion began.

Since the invasion began, the intensity of phishing attacks has increased by 300 percent, DDoS attacks by 200 percent, and malware attacks by up to 400 percent, according to KyivStar—a Ukrainian telecommunications giant heavily involved in securing national networks.

Russian attacks have become longer and more powerful, the company told Newsweek, with one repelled DDoS effort lasting 29 hours.

Battle-hardened Cyber Troops

Like Ukraine's conventional forces, Kyiv's cyber troops are becoming among the most battle-hardened in the world.

"Each new attack of Russian military hackers not only provided us with new experience, but also gave us the realization of the importance of cyber defense," Shchyhol said.

NotPetya was a "breakpoint," he added, after which authorities began making a more concerted effort to prepare their networks. The January 2022 attack, Shchyhol said, should be considered "a new baseline in cyber war history."

Shchyhol cited years of preparation, public-private partnerships, and the integration of civil society and self-organizing online activists as key elements of Ukraine's success in its ongoing cyber war with Russia. International cooperation, too, has been vital and provided Kyiv's partners with valuable information on Russian operations.

"Ukraine is actively sharing information and data with its partners," Shchyhol said. "This process had been established long before the full-scale Russian invasion. We are constantly sharing our experience with the U.S., the EU, Japan, Israel, Spain, Brazil and many other countries through cyber dialogues."

"This cooperation has become even stronger since January 14, 2022. It was in the morning of the day we were attacked that U.S., EU and UK officials reached out to us and offered their help in the investigation of the attacks."

Ukraine troops on APC in Donetsk fighting
Ukrainian soldiers sit on an armoured personnel carrier on their way to the front line to face Russian troops in the Donetsk region on September 21, 2022. ANATOLII STEPANOV/AFP via Getty Images

A collective approach to cyber defense would be cheaper and more efficient, Shchyhol said. "We realize that we have extraordinary expertise accumulated over more than half a year of the full-scale cyberwar and over eight years of fending off cyber aggression; the expertise the world needs," he said.

"We are willing to help transform it into new, effective global tools for building a collective cyber defense system."

KyivStar CEO Oleksandr Komarov recently visited Washington, D.C. to speak with American officials about Russian hybrid activities in the first six months of the war; and to discuss how to prepare for future challenges.

"The main subject was cyber security, our current status, and what type of support we might need in the future," Komarov told Newsweek about his meetings. Cooperating with foreign partners and domestic counterparts—particularly to plug security gaps in shared networks to prevent supply chain attacks—is vital, he said.

An Unending War

"It's a war where we have a quite creative and unpredictable enemy," Komarov said. "We as KyivStar are ready to share any type of experience we are facing in Ukraine. And we are ready to be a pilot zone for any extra technologies that might help us to ensure a high level of protection."

"As a hub, we are ready to share this experience with Ukrainian entities," Komarov said. All forms of cooperation are possible."

Among Ukraine's most pressing needs are methods to prevent DDoS attacks, operation control centers, more monitoring equipment, more workers, slicker processes and better integration, Komarov explained. "Cybersecurity is not only about platforms and tools, it's also about processes and monitoring."

EU-Ukraine cyber drills at SBU HQ Kyiv
This file photo shows screens at the Ukrainian Security Service headquarters in Kyiv on March 6, 2019 during a joint European Union-Ukraine cyber security drill. Since Russia's invasion of the country in February, Ukraine's cyber security cooperation with foreign partners has expanded. SERGEI SUPINSKY/AFP via Getty Images

"You will not win a war in cyberspace," Komarov said, warning against the "overestimation of cybersecurity as an element of war." Still, he said, "you can create panic, you can affect governance mechanisms."

Komarov suggested the Russians do not "have a golden bullet" they are holding in reserve, but expects constant cyber efforts as the war goes on despite Ukraine's success to date. "In the cybersecurity area, I think we should be alert," he said. "It is still a relatively creative area."

The physical invasion poses new security challenges. Russian forces have direct access to hardware that gives access to sensitive Ukrainian networks in occupied areas. "This is a very specific experience that we can share," Komarov said.

"We took some urgent steps, but it is quite clear that in a kind of midterm perspective, we will rebuild the network significantly in order to address this."

The war will be won on the physical battlefields of southern and eastern Ukraine, but the cyber fight will outlast any kinetic confrontations.

"One can hardly expect it to end, even after Russian troops have been pushed beyond Ukraine's physical borders," Shchyhol said. "Hacker attacks require considerably fewer resources than waging a kinetic war and do not involve any risks of getting injured or killed."

"Far from underestimating the enemy or considering it weak, we keep the worst predictions and scenarios in mind," he added. "We expect an increase of the cyber component in hybrid aggressions all over the world in the future."

"We can already see Russian hackers intensifying attacks on other countries marked as 'hostile' by their government. On the other hand, Russia's expertise will be adopted by other countries."