Monitoring the Harm to Civilians in Armed Conflict

Emma Raffray

The CyberPeace Institute needs your support

Since the February 2022 full-scale military invasion of Ukraine by the Russian Federation, no organization has publicly traced and documented the cyber dimension of the armed conflict as extensively as the CyberPeace Institute. Through our interactive timeline and Cyberattacks in Times of Conflict platform, we’ve been able to trace how different threat actors are targeting different sectors in the context of the ongoing hostilities, and to show that the impact is felt far beyond the borders of the belligerent countries.

2 years of data [Jan 2022 – Dec 2023]
Cyberattacks & incidents | Threat Actors | Countries | Sectors

Our data-visualization and analytics tools have generated 80,000 views with the average user spending 3 minutes and 42 seconds exploring the available information. 

What problem are we trying to address?

Our research and analysis have traced 666 cyberattacks or incidents against organizations based in Ukraine, 331 against organizations in the Russian Federation and 2258 against organizations based outside of these two countries. These attacks can be broken down into 4 categories based on the primary nature of the impact they cause to the organizations and/or the civilian population:

Incidents Jan 2022-Dec 2023

| Incident Category | Number of incidents | Overview of findings |
| --- | --- | --- |
| Disruptive | 2,852 | These incidents are primarily distributed denial of service attacks executed by hacking collectives with geopolitical motives. The majority of the incidents targeting organizations outside the two belligerent countries fall within this category. The impact of these incidents is temporary in nature and whether or not they cause harm remains to be determined. Nevertheless, we have identified that these attacks play a role in destabilizing cyberspace, influencing the information space and affecting the sense of security and perception of public institutions. |
| Data weaponization | 198 | Russian state-sponsored actors have demonstrated an interest in data held by organizations in Ukraine and in countries showing support for and/or political alignment with Ukraine. Public administration entities in Ukraine were the target of cyberespionage operations, whilst those in Ukraine-aligned countries have been targeted in hack and leak operations. On the other hand, financial and public administration entities in Russia were heavily targeted in the first year of the conflict by hacking collectives conducting cyberattacks with the purpose of exfiltrating and leaking data online. |
| Disinformation & Propaganda | 128 | Cyber-enabled information operations, website defacements and coordinated inauthentic behavior operations have played a pivotal role in shaping the information space relating to the ongoing armed conflict. Ukrainian and Russian civilians as well as the populations of many European and pro-NATO countries have been targeted through campaigns aimed at influencing and dividing opinions and undermining trust in the State and other institutions. The impact and harm caused by such campaigns are primarily indirect and less tangible; however, the spread of disinformation is of concern as it can cause severe mental suffering and exposure to retaliatory violence, prevent people from accessing healthcare, humanitarian aid, etc., and affect the acceptance and security of humanitarian organizations carrying out humanitarian activities. Methodologies to assess and measure indirect harms are lacking today. |
| Destructive | 37 | The deployment of wiper malware played a key role at different strategically important moments of the armed conflict. These attacks have been primarily deployed against Ukraine-based organizations and attributed to nation-state actors. These attacks are more sophisticated than the high-volume disruptive attacks we’ve traced and they have a longer-term, if not permanent, impact on the organizations they’ve targeted. Destructive attacks against the energy, transportation and water sectors have escalated the need to effectively measure the harm caused by both successful and attempted incidents affecting a nation’s critical infrastructure. |

In order to reduce the impact and harm on civilian populations and to increase the accountability of those responsible for endangering civilians, the Institute has focused its activities on understanding the threat from cyberattacks and incidents in armed conflicts, advocating for better respect for international law, increased accountability and support to strengthen the digital security of NGOs.

What have we been working on?

Thought leadership and research contributions

Through the development and creation of a publicly available timeline of incidents and an interactive platform to explore the threats, the impact and harm and the law and policy implications, the Institute has contributed to the international community’s understanding of the cyber dimensions of the conflict. Our team of intelligence and policy analysts has used the data to produce regular threat reports, articles and blogs, and a video series to raise awareness of the threats.

The Institute has also worked on incident-specific case studies, notably on the telecommunications and energy sectors, to better understand the impact and harm of cyberattacks when deployed in the context of an armed conflict. These case studies are used to feed the development of a first-of-its-kind methodology for measuring and assessing the harm of cyberattacks and incidents on people.

Advocating for Respect of International Law and Accountability 

Our policy experts produce actionable insights and recommendations based on the Institute’s mapping of the cyber threat landscape and the harm caused to people and society, which can be used to strengthen respect for and/or the development of laws, rights and norms. These legal and policy contributions are shared with States, United Nations fora, the European Union and other international and regional organizations, as well as civil society actors, to raise awareness of the harms of cyberattacks and the impact on vulnerable communities.

The Institute also supports initiatives aimed at combating impunity for cybercrimes committed during armed conflicts by engaging with entities such as the International Criminal Court. 

Strengthening the digital security of NGOs

The Institute also provides humanitarian NGOs in armed conflict zones, and/or responding to a humanitarian crisis, access to free data transfer and storage capabilities, and other cloud services, in order to safeguard their data and reduce the risk of disruption to their operations. This CyberPeace Cloud service is made available through the Institute’s flagship CyberPeace Builders program. 

How can you support our future ambitions?

The CyberPeace Institute is a non-governmental, not-for-profit organization with a commitment to safeguarding the lives and rights of people who suffer from the misuse of technology, during peacetime and in times of armed conflict. We value the organizations and communities who have chosen to partner with us and to support us in tackling the complex challenges posed by modern warfare.

Our work has been recognized across the academic, policy and civil society communities as transparent, independent and unique, all qualities which we strive for. The continued collection of data, production of analytical products and development of new accountability mechanisms come at a cost. As an Institute we want to actively contribute to reducing harm to people from cyberattacks and increasing the accountability of both threat actors and regulators. Our ambitions include but are not limited to:

Thought Leadership and Research Contributions

  • Publish original research papers, case studies and reports on emerging trends to inform policy discussions.
  • Participate in global conferences and events to share insights and shape discourse.
  • Track threats and threat actors in the Ukraine-Russian conflict and across other armed conflicts.

Advocacy for Stronger Legal Frameworks and Accountability Mechanisms

  • Develop an applicable methodology to assess and measure harm from cyberattacks.
  • Engage with policy makers to promote responsible State behavior in cyberspace.
  • Support initiatives aimed at combating impunity for cyber crimes committed during armed conflicts.

Strengthen Digital Security in Conflict Zones

  • Develop and provide secure technological tools and resources to NGOs operating in conflict zones.

Call for support

As of today, we do not have sufficient resources to keep the Cyberattacks in Times of Conflict platform updated. If you are a user or admirer of our work, if you believe in our mission, we need your financial support to ensure we continue to protect those most vulnerable to malicious activities online. Take one step today towards supporting this effort; we cannot do it alone.

As an individual, donate a one-time or monthly gift.

As a trust or foundation, provide a grant by contacting our Strategy & Partnerships team. 

As a technology or cybersecurity company, contribute to our data feeds, IT tools and services. 

As an academic or civil society organization, join us on common research projects.

© Copyright 2023: The concepts and information contained in this document are the property of the CyberPeace Institute, an independent non-governmental organization headquartered in Geneva, unless indicated otherwise from time to time throughout the document. This document may be reproduced, in whole or in part, provided that the CyberPeace Institute is referenced as author and copyright holder.

