A record number of Russian airstrikes involving planes, drones and missiles against Ukraine over the New Year period underscored Kyiv's difficulties in bolstering electronic warfare capabilities aimed at blocking and dispersing enemy drones and guided missiles.
Moscow retains a competitive advantage for now because it focused on these capabilities before the full-scale invasion of Ukraine began nearly two years ago. This is confirmed by three-level attacks that were also carried out on the Ukrainian communications infrastructure, “strange attacks on Kyivstar - the main mobile operator in Ukraine with 50% of the market and 24 million users, which is more than half of the country's population.
There is a huge misunderstanding among Western analysts who believe that Russia can stop and that Putin can be “convinced,” “calmed,” “deceived,” or “put to sleep.” In reality, the actions of Moscow's forces in Ukraine are a model of total war, applicable to any global situation. Massive, multi-hour combined attacks by drones and various types of missiles are a tactic to intimidate the civilian population and are aimed at depleting Ukraine’s air defense.
Russia's latest, increasingly sophisticated attacks indicate an improvement in the concept of "next generation warfare." It is multidimensional and combines military, technological, informational, diplomatic, economic, cultural and other spheres to achieve strategic goals. “In addition to “open” intervention, there is an active use of various methods of asymmetric influence against Ukraine, ranging from attempts at political pressure, corruption of officials, intimidation of civilians, the desire to isolate the country at the diplomatic level and blockades along the borders. All this against the background of the globalization of Russian propaganda, which demonizes Kyiv and works to reduce its international support. The “new war” against Ukraine took the West by surprise, which should think not only about producing modern weapons and equipping their armies with them, but also about ensuring the reliability of critical infrastructure from possible Russian attacks, the methodology of which has been changed.
Cyber attacks in Ukraine were carried out in at least three stages. Shortly before the start of the war, there were massive hacker attacks on Ukrainian government agencies and leading companies from outside. They took place from February 13 to 16, 2022. Another large-scale attack was carried out on February 23, on the eve of the invasion of Ukraine. In 2023, cyber intrusions into the Ukrainian national energy grid have become more frequent. The main distinguishing feature of such operations was their synchronization with missile and drone attacks on Ukrainian energy facilities, especially in winter. Before the war, Ukraine was attacked only by isolated hacker groups. After the start of a large-scale invasion, Russian hackers are coordinated by a single center. Russia invests hundreds of millions of dollars in cyberattacks as well as propaganda, constantly improving methods and procedures. After two years of war, we are dealing with “strange attacks” on critical infrastructure, which, among other things, are carried out from within.
On December 12, 2023, a large-scale technical blockade occurred in the network of the main Ukrainian mobile operator Kyivstar: mobile communications and the Internet were paralyzed, all systems associated with the operator were affected. Suspicion immediately fell on Russia.
At first glance, the attack resembled the attack on Ukrainian critical infrastructure in the winter of 2023. However, this time the situation was not limited to communications, but extended to all equipment using the operator’s mobile network. For example, in several cities of Ukraine, ATMs and payment terminals stopped working. Due to disruption of Kyivstar services in Lviv, street lighting lines were manually connected. The company had to admit and report that it was the victim of one of the largest hacker attacks in history, however, emphasizing that the personal data of subscribers was not compromised.
But that’s not all, because in one of the Russian kamikaze drones “Shahed” shot down by Ukrainians, they found a SIM card of the Kyivstar operator, which allows the Russian military to use the Kyivstar mobile network to track the drone’s route and change the coordinates of its flight. The card was activated simultaneously with several others from Kyivstar in the temporarily occupied territories of Ukraine. Ukrainian intelligence services began to investigate the unusual use of the operator. Since the turning point was approaching, Russian intelligence lost its nerve and decided to destroy traces of its agent’s presence in the bosom of Kievstar. For many years, Russia has been “saturating” Ukrainian institutions and major companies in the country with its agents.
This precedent indicates a growing threat to Europe: in the context of a full-scale war with Ukraine, Russia is making efforts to create positions in information and telecommunications companies in European countries with subsequent personnel and technological penetration into their infrastructure. Thus, Russian intelligence services gain access to information of interest to them, and also create favorable conditions for carrying out various kinds of sabotage, hacker attacks, industrial espionage with attendant economic and political damage to the West.
This is a classic hybrid threat that Russia uses to weaken Europe. In turn, Russian business is a conscious accomplice in such crimes: by purchasing assets in foreign companies, similar to Kyivstar, part of whose shares were owned by the Russian oligarch Fridman, it creates positions for further penetration by Russian intelligence services and their agents. Under the current circumstances, the West must refuse any contacts or cooperation with Russian business, given its obvious toxicity. It would also be advisable for Western telecommunications and technology companies to divest from Russian assets that pose a threat to their national security.