As we mark the third anniversary of The russian invasion of ukraine in February 2022It is essential to reflect on the profound impact this conflict has had on the global cyber security landscape. The war has not only rested geopolitical dynamics but has also significantly influenced the nature and frequency of cyber threts, cyber crime, cyber crime, operational technology (ot) Hacktivism.
In the early stages of the conflict, we observe a disrupt in cyber extraction operations by actors based in the region, as the chaos of warned instability for these criminal enterprises as much as for regulars Citizens. However, as the situation stabilized, cyber extraction surgged once again, with actors bouncing back to new levels of activity. The Security Navigator 2025 Report Highlights that while growth in cyber extortion insurance has an “stabilized,” The tactics employed by cyber criminals have evolved, for example with ai tools Attackers' Operational Performance and Makes It Relatively Easy to Produce Phishing and Other Social Engineering Techniques.
The war has also also catalysed a Rise in Targeted Cyber Threats Against Critical Infrastructure, Particularly in Ukraine. The report Emphasis that “Targeted Operational Technology (OT) Threats” have surged, with state-sponsored actors leveraging cyber capability to disrupt essential services. Russian Advanced Persistent Threat (APT) Groups Like Sandworm Have been linked to several destructive malware campaigns, include the deployment of 'Hermeticwiper'And'Caddywiper'Whoch aim to erase critical data and disrupt operations with Ukrainian Organizations. These attacks have been characterized by their sophistication and sometimes coordination with kinetic Military operations, demonstrating a clear strategy to undermine to undermineee's Resiliense Resilience
Intelligence reports also detail the activities of The gamredon groupA russian state-sponsored actor Responsible for Exented Cyber Espionage Campaigns Against Ukrainian Entities. This group has been active since 2014 and has been exceptionally busy of late, primarily targeting government systems to exfiltrate sensitive information. Its Recent Campaigns have involved speaking attacks and the deployment of custom malware.
The hacktivist element
Hacktivism has also also evolved dramatically And Gained Momentum in Response to the Conflict, with Various Groups Taking Sides and Launching Cyber Operations to Support Their Political Agendas. The report notes that “sophisticated hacktivism” has become a significant concern, as these actors engage in disruptive activities that can further tensions and complicate the SCSCAPE. Pro-ukrainian hacktivist groups, such as The it army of ukraineHave mobilised to target russian entities, while Pro-Russian Groups like Killnet Have launched DDOS Attacks Against Western Organizations. The scale of these operations have been unpreceded, with reports indicating that DDOS Attacks Targeting Ukrainian Websites Increasing Dramatically in the Early Months of the conflict.
The implications of hacktivism extended beyond mere disrupt; They represent a new frontier in cyber conflict. The Rise of Pro-Russian Hacktivism has been introduced a layer of complexity to the conflict, as groups like Killnet and Noname057 (16) Have Claimed Responsibility Forteds AGINSTKS AGIINSTKS AGIINS Adversaries, Including Government Institutions and Private Companies in Nato CountriesThese groups operate with a level of anonymity, making it challenging to attribute attributes and hold them accountable.
In this context, the concept of “cognitive attackers” have emerged as a significant concert. Cognitive Attacks Exacerbate the impact of DDOS and other Technical Attacks, and AIM to Manipulate Public Perception and Sow Discord through Disinformation Campaigns, often Leveraging Social Meedia and Other digital platforms. The russian government has employed these tactics extensive, using state-sponsored actors to disseminate False False Narrama and Undermine Support for Ukrane, but a new generation of problast Hacktivist Actor are operating from the same playbook. The Security Navigator Highlights that “Disinformation Campaigns are designed to erode trust in institutions and create confusion am the populace,” Making them a Potent tool In Modern Conflist.
As we reflect on the past three yearsWe Acknowledge The resilience of the ukrainian people And the Global Community's Response to the Crisis. The Lessons Learned From This Conflict Serve as a reminder of the interconnectedness of our digital and physical worlds and the need for vigilance in the face of evolving thoughts.
The ongoing war in ukraine has rested the cyber threat landscape. As we face another Year Characterized by Conflict and Uncerty, We must Remain Committed to Fostering a Secure and Resilient Digital Environment for All.
Charl van der walt is head of security research at Orange cyberdefense,