Cyber Operations in Ukraine: Emerging Patterns in Cases




cyber warfare, cyber attack, cyber incident, Ukrainian conflict, cyber armed conflict, digital warfare


The Ukrainian state has been a target of cyber-related incidents since the annexation of Crimea in 2014. Cyberattacks have targeted Ukrainian critical infrastructure, government offices, and several public and private organisations. Sometimes, these cyberattacks have caused significant impacts within the nation's borders. Some of the most well-known cyber-incidents in Ukraine include attacks on the Ukrainian electrical grid, which cut out the power supply for hundreds of thousands of people in 2015 and 2016. Attacks have also targeted presidential election systems and financial entities operating in Ukraine. The majority of attacks within Ukraine's borders have been attributed to Russian-affiliated non-state actors and organisations, and the number of attacks correlates with the escalation of the war in 2022. This implies previous cyberattacks potentially belonging to a series of hybrid operations related to the Ukrainian conflict and the general geopolitical situation since the annexation of Crimea. The paper focuses on this context by examining cyber incidents targeting Ukraine since 2014. We study the unifying factors related to Ukrainian cyber incidents, and we will discuss emerging patterns related to the attacks during the last ten years. This study will uncover the general traits of state-affiliated attacks in Ukraine, which will help uncover emerging patterns. Our particular focus will be cyber-attacks, where the target is the Ukrainian state and its critical infrastructure. We will examine methods of attacks, the attack targets, and the impacts, among other things. With the patterns emerging from our study, we can predict future cyber-attacks targeting Ukraine, providing tools for preparing for future incidents. We can use the information to improve national cyber-defences, where the attacks are likely to happen in the future. Studying the Ukrainian cases may also provide additional insights for improving cyber defences in other nation-states within the parts that apply to these nation-states and their geopolitical contexts.

Author Biographies

Markus Takamaa, University of Jyväskylä

Markus Takamaa is a fellow working on cybersecurity-related topics at the University of Jyväskylä. He has recently received a master's degree in the same field, specialising in nation-state activities in cyberspace. These include cyber operations, national cyber defence and international law. His interests also include personal safety in cyberspace.

Martti Lehto, University of Jyväskylä

Martti Lehto is a research director at the University of Jyväskylä and the Director/Deputy Director at the Finnish Center of Expertise for Cybersecurity in Jyväskylä. Lehto has over 200 publications and research reports on various topics, including C4ISR systems, information warfare, security/defence policy, and leadership/management.