On February 21, 2022 Russia’s President Vladimir Putin recognized the independence of the Russian dominated Luhansk and the Donetsk regions in eastern Ukraine which have been challenging Kiev’s sovereignty, and sent troops in to “keep the peace”. Subsequently, two days later Russia launched a “special military operation” in Ukraine to “demilitarize and denazify” the country. The conventional warfare dimension of the conflict is very much apparent and has attracted global attention. However, besides the use of conventional forces like tanks, missiles and warships, Russia has also employed several hybrid war tactics including political, cyber, and information warfare operations against Ukraine very much like its activities in Crimea in 2014, although on a much-magnified scale. Ukraine has also used such tactics against Russia. These operations in cyberspace have raised serious concerns among the global community due to the possibility of a fallout.
In 2014, there was a series of cyber-attacks targeting banks, military networks, nuclear power plants, and government websites. Ukraine’s central election computers were hacked by a group of pro-Russian hackers named CyberBerkut, and the virus was removed from the systems only 40 minutes before the election results were announced. The virus was intended to manipulate the election results by tampering with the election tally. If the virus was not removed, Dmytro Yarosh, leader of the ultra-nationalist Right Sector party would have won with 37 percent vote when he secured only 1 percent against Petro Poroshenko, who was the actual winner. Russian Channel One went on to display an image claimed to be taken from Central Election Commission’s server and announced Dmytro Yarosh as a winner with a 37 percent vote. This was done by Russia to create distrust among the Ukrainians against the electoral system in Ukraine.
This was followed by another massive attack on Ukraine’s three energy distribution systems in 2015, which led to a blackout for six hours in the extreme winter. Russia-based hacking group Sandworm was behind the attack, and they compromised the network using spear-phishing emails with a trojan named “BlackEnergy”. Further, the Russian military was found to be behind the ‘NotPetya’ cyber-attack in 2017 which was initially misunderstood to be ransomware but it deleted the data permanently from the computers of banks, energy companies, and airports in Ukraine. The damage was not limited to Ukraine alone, companies based in the US, UK, India, Germany, and France were also victims of NotPetya and it is estimated that it was responsible for a loss of $10 billion globally.
The trend continues in the 2022 conflict as well – critical infrastructure in both countries is subjected to attack, and in addition, cyberspace acts as a medium that facilitates the spread of propaganda swiftly. Russia’s cyber capabilities are well known globally and it was demonstrated on multiple occasions such as the 2007 cyber-attacks on Estonia in response to the relocation of a Bronze Soldier in Tallinn, which was built honouring the Soviet Union’s soldiers in their fight against Nazi Germany in 1947. Hence, there raises an important question of why Ukraine’s cyberspace is not completely shut down by Russia – is it because Russia has not unleashed its full potential, or Ukraine is resilient enough to protect its infrastructures from Russian attacks?
To retain domestic support and in response to the ban of prominent Russian news outlets Russia Today and Sputnik by the West, Russia imposed a ban on social media platforms such as Instagram, Meta, and Twitter. Further, a bill was passed by the Kremlin which imposes prison sentences of up to 15 years for intentionally spreading “fake reports”, according to Moscow. This enables Russia to build a narrative about the war among its domestic population as they deemed to be fit.
Alongside launching a conventional attack, cyber-attacks were launched on Viasat, a satellite internet provider resulting in communication outage throughout Ukraine. Communication becomes crucial during times of war, and the attack on Viasat posed a great challenge to the Ukrainian army during the initial days of war since it took weeks to restore the services.  Russia also targeted the websites of Ukrainian banks and the government by launching a DDoS campaign. Malware similar to ‘NotPetya’ named ‘WhisperGate’ was found in several networks. Further, wiper attacks were detected on February 23, and several pieces of malware were spread alongside the HermeticWiper, which is capable of deleting the data permanently. A malware named SunSeed was used by the Belarus-sponsored hacking group named UNC1151 to target Ukrainian military personnel’s email accounts and through them, European governments aiding Ukrainian refugees were also targeted.
Ukraine has also used cyberattacks against Russia prior to the conflict. In 2016, Ukraine based group CyberJunta leaked the emails of Vladislav Surkov, a senior Kremlin official. They leaked the passports of Surkov and his family and his emails to separatist groups in Eastern Ukraine. In response to the present conflict, Ukraine created an IT army and it has targeted the Russian government websites. Nearly 3 lakh people have signed up to the group in the Telegram app globally in support of cyber-attacks against Russia. Western officials have discouraged such move citing cyberattacks may spiral and may have unintended consequences if overlooked. Also, concerns have risen since it may be considered a criminal offense if an attack violates any law. It has also been argued that such attacks run the risk of playing into Putin’s hands by portraying Russia as a victim of attacks from the West. Anonymous hacking groups from Ukraine were found targeting the Russian state-run channels such as Channel One, Russia 24, and Moscow 24, and they also targeted the Roskomnadzor, an agency responsible for censorship in Russia.
Recently, a report alleged China’s involvement in espionage activities in Ukraine days before Russian troops entered Ukraine. It was based on the intelligence memos obtained from the source at SBU, Ukraine’s security service, though Ukraine’s security officials denied any such incident. Firstly, considering Russia’s past activities in cyberspace, it is evident that it has capabilities to carry out intelligence activities of this scale and therefore raises the question why it would require any assistance from China. Further, though Russia and China reassured their ties even during the Beijing 2022 Winter Olympics, China has not condemned the attack, nor has it come in support of Russia overtly. Also, Biden has warned China of the consequences it would face if it provided any material support to Russia. In case, if the allegation of China providing intelligence to Russia is proven, whether it will be treated on par with material support is a question left to be answered.
Russia has apparently not used its full force yet. Whether it will be going for a full-blown attack, or an escalation will be seen in the upcoming days is uncertain. Is it the fear of consequences globally that is stopping Russia from using its full potential, or has it planned the conflict in the virtual space to be limited, remains unclear. Nevertheless, Ukraine has not let its guards down and is vigilant and continuously monitoring for all kinds of malicious activity.  
The global community must be cautious and monitor the activities to secure their own assets in cyberspace, since there are high chances for spill-over effects. Though ‘NotPetya’ was intended to target only Ukraine, it had global implications and therefore it is necessary to learn lessons from the past. Cyberspace is not a territory with defined borders. Since most of the networks are interconnected and software is interdependent, the vulnerability exploited on one end may spread across the spectrum. As there is a strong public sentiment on both sides against each other, cyber weapons left unregulated in the hands of both state and non-state actors may prove to be disastrous.
Disclaimer: The views expressed in the article are personal.