1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites
PoliticsEurope

Russia-Ukraine crisis: What role do cyberattacks play?

Friedel Taube
February 28, 2022

Cyberattacks are part of modern warfare. In Russia's war against Ukraine, they are being used to demoralize and spread disinformation. Such moves could also have a direct impact on the battleground.

https://p.dw.com/p/47ij6
Computer keyboard and screen
Cyberspace is one of the battlefields in the Urkaine warImage: Jochen Tack/dpa/picture alliance

It was like a war before the war. The very same day that Russian groups invaded Ukrainian territory, important Kyiv government websites were suddenly inaccessible — including that of the parliament, government, Foreign Ministry and other state institutions.

Hackers had launched a distributed denial-of-service attack, known as DDoS, in which servers are flooded with illegitimate requests so that the infrastructure is overwhelmed and crashes.

Ukraine blamed Moscow for the attacks. Data-wiper malware — software that can destroy huge amounts of data without detection — was found on Ukrainian computers. The cyberattack echoed a similar operation in 2017, when Russian wiper malware targeted Ukraine with the so-called NotPetya malware that caused enormous economic damage.

But now that heavy fighting is underway in Ukraine, cyberspace has become a secondary battlefield. Ukraine is mobilizing its IT experts in addition to its military: According to Reuters, the government is looking for volunteers who can defend it against Russian hacker attacks as well as to prepare their own attacks on important Russian IT infrastructure.

Ukraine is also getting help from Anonymous, the international, loosely organized hacker collective that has declared digital war on the Kremlin. Numerous Russian government websites were inaccessible until February 26, which Anonymous activists were believed to have caused. The website of Russian government broadcaster RT, which Western countries consider a Kremlin propaganda tool, was also affected by retaliatory cyberattacks.

Hacker attacks in hybrid warfare

Can such attacks help decide the outcome of the conflict? Cybersecurity experts are skeptical, including Sven Herpig of the Stiftung Neue Verantwortung think tank. "We are talking about a hot conflict in which things explode and people die. If someone leaks data from the Russian Defense Ministry, I am not convinced that it is really decisive for the outcome of the war."

It is clear, though, that Russia is using cyberspace for hybrid warfare. Not only by attacking critical IT infrastructure, but the targeted dissemination of false information by Russia appears to be part of that.

Even before the invasion, cyberoperations had become part of psychological modern warfare: "It was about unnerving the population and breaking the spirit of resistance," Herpig said.

Digital manipulation — and potential 

In some cases, digital attacks can have a concrete impact on combat. The more digitized an army is, the more potential targets it presents. For example, Russian actors had tried to compromise apps that operate Ukrainian artillery. Such an undertaking could result in getting access to geodata that could then be used to bomb a particular position.

Hackers from the Anonymous collective attacking Russia and bringing down websites like kremlin.ru may have generated a lot of publicity, but Herbig doubted they made a great impression on Russian decision-makers. He pointed out that danger also lies in the hackers' well-meaning activities: They draw Russia's attention to vulnerabilities that Western or Ukrainian secret services intelligence agencies may have had their eye on. "Then these access points are burned. With that, intelligence agencies' work is made more difficult," said Herpig. "That is problematic."

Experts expect an expansion of Russian cyberattacks as the conflict continues — but with a focus on disinformation. Incidents last week indicated as much. Numerous German newspapers reported cyberattacks on their websites and social media accounts and suspected a "pro-Russian disinformation campaign." German media publisher Funke confirmed that bots had attacked their newspapers' websites and social media accounts in several waves. 

smoke billowing in Kyiv on Feb 24
On February 24, Russia launched its invasion of UkraineImage: Ukrainian President s Office/Zuma/imago images

Could a cyberattack trigger NATO's mutual defense clause?

It seems unlikely that Russia would attack the infrastructure of NATO states on a large scale. That's because it can't be ruled out that a cyberattack could be viewed as grounds to activate Article 5 of the North Atlantic Treaty, the mutual defense clause.

"If the cyberoperation had an impact tantamount to that of a kinetic operation, a cyberoperation would trigger Article 5. The means employed are irrelevant, it comes down to the effect," Herpig said.

The German Interior Ministry, however, did not currently see any signs of such cyberattacks on German targets. But they were prepared, a ministry spokesperson said on Sunday.

This article was originally written in German.