February 2022 marked the beginning of a conflict that continues to reshape not just Ukraine, but the global cyber security landscape. As we reach the third anniversary of Russia’s invasion, we need to recognize the impact this war has had on cyber threats and crime, and how it has changed the way we think about security.
At the start of the invasion, many cybercriminal operations in the region came to a halt. The chaos of war disrupted not just ordinary life but also the criminal enterprises that thrive on stability. Yet, as conditions adjusted, cyber extortion activities bounced back with a vengeance. The Security Navigator 2025 report reveals that while incidents of cyber extortion have stabilized, the methods have evolved. Criminals are now using AI tools, making it easier than ever to carry out phishing schemes and other social engineering tactics.
Targeted attacks against critical infrastructure have surged, particularly in Ukraine. Reports highlight a rise in Operational Technology (OT) threats, with state-sponsored players using their cyber capabilities to disrupt vital services. Russian Advanced Persistent Threat (APT) groups like Sandworm have been linked to significant malware attacks, such as ‘HermeticWiper’ and ‘CaddyWiper.’ These attacks are not just random; they often align with military actions, aimed squarely at undermining Ukraine’s resilience both on the cyber front and in real life.
Alongside these threats, we see groups like Gamaredon, a Russian state-sponsored actor known for cyber espionage. Since 2014, they’ve focused on targeting Ukrainian government systems to steal sensitive data through tactics like spear-phishing and tailored malware.
Hacktivism has also taken a sharper turn, with various groups launching cyber operations to push their political beliefs. The report identifies “sophisticated hacktivism” as a growing concern. Pro-Ukrainian groups like the IT Army of Ukraine have mobilized against Russian entities, while pro-Russian collectives, like Killnet, have carried out DDoS attacks on Western organizations. This surge in activity, particularly against Ukrainian websites early in the war, demonstrates a new and aggressive phase in this conflict.
The rise of pro-Russian hacktivism complicates the situation. Groups like Killnet and NoName057(16) have targeted NATO nations, making it difficult to trace and hold them accountable for their attacks. This ambiguity adds a layer of complexity to the digital battleground.
Then there’s the issue of “cognitive attacks.” These don’t just target systems; they go after perceptions, spreading disinformation to create confusion and sow discord. The Russian government has employed state-sponsored actors to push false narratives against Ukraine. Now, pro-establishment hacktivists are using similar strategies, aiming to undermine trust in institutions and manipulate public sentiment.
As we think about these past three years, we see the resilience of the Ukrainian people and the global community’s response to these challenges. This ongoing war has made it clear: our digital and physical worlds are tightly intertwined. Staying vigilant and working toward a secure digital environment is more crucial than ever.
Charl Van Der Walt is head of security research at Orange Cyberdefense.