CyberPeace Institute Analysis on Ukraine Conflict Highlights Hidden Impact of Cyber Attacks on Society

CyberPeace Institute

Geneva, Switzerland, 16 June 2022 – A new publicly available resource, the ‘Cyber Attacks in Times of Conflict Platform #Ukraine’, provides insights on how cyberattacks and operations, since the invasion of Ukraine by forces of the Russian Federation and the ongoing conflict, impact civilians. 

Data is aggregated and analyzed on more than 200 cyber attacks and operations affecting some 19 sectors in more than 18 countries.

Since the beginning of the year, the CyberPeace Institute has been documenting cyber attacks related to the armed conflict. The Institute is tracking cyber attacks that target critical infrastructure essential for the survival of the civilian population and civilian objects, and targets that have been impacted by cyber attacks as a result of the war and its associated economic and geopolitical context. It is important to underscore that such attacks should not be directed against critical infrastructure and civilian objects whether in wartime or peacetime. 

The CyberPeace Institute has documented cyber attacks related to the conflict and how they impact organizations and individuals including beyond the borders of Ukraine” stated Stéphane Duguin, Chief Executive Officer, CyberPeace Institute. “The serious concern is not in relation to any one incident but the convergence of cyber attacks and kinetic attacks that severely impact civilians. The use of cyber attacks preceding or since the military invasion of Ukraine by the Russian forces, has enormous implications for cyberspace.” 

The CyberPeace Institute’s analysis is presented in three sections in the ‘Cyber Attacks in Times of Conflict Platform #Ukraine’: 

  • Cyber Threats: analyzing the cyber attacks and attribution of the attacks to threat actors. The cyber threat landscape provides insights to enables the documentation of evidence for future legal accountability  
  • Impact and Harm: tracing the harm of the cyber attacks on civilians. By measuring the impact and harm we can assess how in the future to better protect civilian populations, not just in Ukraine but across the world, who are suffering as a result of the attacks. The tracking of cyber attacks and operations as they become public is important in order to record these attacks and identify – where possible – the harm and risks for civilian populations, which may not be immediately apparent
  • Law and Policy: documenting legal instruments relating to cyber attacks and the challenges to the application of international law and the law of armed conflict in the context of the war. Doing so, can drive regulatory change in the future. 

The war in Ukraine has not only taken place in the physical domain but has also included a unique combination of cyber threats. In the context of the war, there are 8 dominant cyber threats that have at times served to destruct, disrupt, disinform, and weaponize data. The documentation of these attacks not only provides an insight into the role that cyber has in the Russian-Ukrainian war but also in future armed conflicts. Yet it is the hidden impacts that these attacks have on people that matter most.

Identifying and documenting cyber attacks is crucial” said Emma Raffray, Senior Analyst, CyberPeace Institute. “Whether they make the headlines or not, cyber attacks on the civilian population, and on infrastructure essential for its survival, cause differing degrees of harm, from undermining trust in institutions, disrupting core civilian and humanitarian services, spreading disinformation, preventing or impeding communication and breaching large amounts of personal data.” 

An interactive timeline provides insights on how cyber attacks and operations have evolved over time, not only in Ukraine but also in the Russian Federation and the rest of the world. 

An interactive geopolitical map overlays a number of economic and geopolitical indicators with records of cyber attacks to allow for analysis of the interplay between online and offline activities. For example, the Institute’s analysis has shown this in the context of some NATO countries that have been targeted by Distributed Denial-of-Service (DDoS) attacks on their governments and railway in recent months, in some cases in the immediate aftermath of public announcements relating to the conflict

The CyberPeace Institute calls upon actors to spare all civilians and other protected persons, civilian objects and infrastructure which are ensuring the delivery of essential services in line with international humanitarian law,” stated Klara Jordan, Chief Public Policy Officer, CyberPeace Institute. “This is an obligation of all parties to the armed conflict. Respecting this law is important to save lives and reduce suffering.” 

In the future, it will be important to use the information on cyber attacks to identify developments or clarifications of the law in relation to the use of cyber operations in armed conflicts, and for accountability in any future judicial proceedings.

© Copyright 2023: The concepts and information contained in this document are the property of the CyberPeace Institute, an independent non-governmental organization headquartered in Geneva, unless indicated otherwise from time to time throughout the document. This document may be reproduced, in whole or in part, provided that the CyberPeace Institute is referenced as author and copyright holder.


Support the CyberPeace Institute

Individual lives can be changed dramatically by the acts of cyber criminals. We need your support to assist victims of cyberattacks in the NGO, humanitarian and healthcare sectors.


Subscribe to our newsletter

Receive monthly news on what’s happening at the Institute: our impact, publications, events and important milestones.