During Russia’s invasion of Ukraine, the world was given yet another case to underscore how cyberspace has become a battlefield. In January 2022, researchers uncovered Whisper Gate, a virus that corrupted the master boot record on targeted computers. Following on to February, another malware, Hermetic Wiper, erased data hours before the Russian invasion. Banks, ministries and media outlets witnessed multiple server crashes. For some Ukrainians, war began with blank screens instead of gunfire and explosions. These early actions were intended to spread confusion and disrupt critical infrastructure ahead of military attacks.
Tactics and methodologies, such as this, are the results of years of experimental research and development. During the 2008 Georgia conflict, pro-Kremlin hackers launched distributed-denial-of-service attacks on official Georgian websites. In 2014, phishing campaigns known as “Operation Armageddon” executed by Russia targeted Ukrainian officials, and networks were down to create panic before the illegal referendum. Moving forward in December 2015, Russia completed another cyber-attack in western Ukraine and used KillDisk malware to cut electricity to 225,000 people. These incidents showed how cyber operations could accompany and sometimes precede military aggression. By 2022, digital interruptions were no longer a secondary choice. Cyber-attacks on the KASAT satellite network attempted to paralyze communications across Ukraine and other parts of Europe.
Cyber terrorism works side by side with information war. In March 2022, hackers violated the Ukraine 24 television channel and circulated false news that President Volodymyr Zelenskyy had surrendered. Around the same time, rumours about his health circulated on local radio stations. With these cases, there was an erosion of the public’s trust in the local media. Russian disinformation campaigns have also targeted democracies beyond Ukraine. A NATO Review analysis of Romania’s 2024 presidential election found that networks linked to Russia and Iran used TikTok and Telegram to amplify conspiracy theories and boost a fringe candidate; the constitutional court later annulled the vote due to evidence of algorithmic manipulation. These cases prove how cyberwarfare and disinformation can affect societies far from the war zone.
Ukraine responded through means emphasizing transparency and decentralization. The Ministry of Digital Transformation works with civic tech groups and open-source investigators to expose false news and provide verified information. Volunteers monitor social media, publish fact-checks and help shape a credible narrative. Once cities were liberated, telecommunication crews hurried to repair damaged cables and stations. And to bridge gaps, partners sent more than 47,000 Starlink terminals, which provide satellite internet and can act as backbone links for mobile networks. These terminals ensured that communities stayed online after a missile strike in Vinnytsia.
Operators are moving from fibre-optic lines to xPone energy-efficient and fast technologies that can function longer during outages. A project called “Wi-Fi in School Shelters” equips bomb shelters with routers so people can continue to stay connected. Together, these measures recognize that connectivity is a lifeline during war.
International support has strengthened these efforts. The Tallinn Mechanism, launched in December 2023, coordinates cyber foreign aid among donor countries. Within a year, it had mobilized roughly €200 million and organized training for hundreds of Ukrainian cyber specialists. Donors meet weekly via secure line, with the European Union and NATO providing consultations. The goal is to set the right priorities for projects and share information. Large-scale exercises held in 2025, training 387 Ukrainian experts in detecting and mitigating attacks.
Ukraine’s experience gave valuable lessons for the world. In July 2025, the North Atlantic Council condemned Russian cyber operations and warned that GRU-linked actors had targeted governments and critical infrastructure across the Alliance. NATO emphasized that such activities are key tools of Russian aggression and reaffirmed its commitment to collective defence in cyberspace. The Alliance is investing in an Integrated Cyber Defence Centre and updating its Cyber Defence Pledge to improve readiness.
The European Union and NATO have also created a joint task force on critical-infrastructure resilience. Its 2023 NATO report called for protecting energy, transport, digital and space systems and for deeper information sharing across borders. Attacks on power stations, satellites and cables can go out well beyond national boundaries, so countries must align regulations and coordinate responses. Looking ahead, artificial intelligence could accelerate the production of deepfakes, and quantum computing could threaten encryption. Defending against these developments will require not only better technology but also informed citizens and strong public–private partnerships. Ukraine example, combining fast restoration of services, adoption of resilient technologies and cooperation through mechanisms like Tallinn – offers a draft proposal.
The war in Ukraine shows that the front line is no longer limited by land, water or air. Ukraine’s case of resilience in repairing networks, training specialists and working with allies proves that societies can adapt to this new form of war. For NATO and the global community, the lesson is very clear: cyber defence is a shared responsibility. Protecting democratic processes, critical infrastructure, and fact-checked information needs collaboration.
Photo: “Colourful JavaScript code on a computer screen” (n.d.), by Rashed Paykary via Pixel https://www.pexels.com/photo/colorful-javascript-code-on-a-computer-screen-31177212/
Disclaimer: Any views or opinions expressed in articles are solely those of the authors and do not necessarily represent the views of the NATO Association of Canada.
