On the frontlines, a new kind of war is being waged, with relentless attacks carried out by Ukrainian cyber operators. Ukrainian cyber teams are deployed on the front lines, engaging closely with their Russian counterparts in a new era of high-tech warfare. “We have people directly involved in the fight,” says Ilja Vitjuk, head of the Ukrainian Security Service’s (SBU) Cyber Division.
Speaking to the BBC from within the heavily fortified SBU headquarters, Vitjuk explains how his teams combine the skills of hackers and special forces, infiltrating Russian systems, working alongside snipers, and applying cutting-edge technologies.
The department employs artificial intelligence systems for visual recognition and analysis of data collected from drones, along with intelligence from human sources, satellites, and other technical sources. This intelligence is used to provide military targets.
Vitjuk’s teams also hack surveillance cameras in occupied territory to monitor Russian troop movements. They redirect kamikaze drones to destroy Russian cameras spying on Ukrainian activities. Often, these operations require teams to work covertly, in close proximity to their targets.
Drones Drones, sometimes used for surveillance and at other times as weapons, have become central to the innovations in this conflict. The SBU cyber team operates its own drones and engages in a cat-and-mouse game to disrupt those belonging to Russia. They set up sensors to detect drones so that operators cannot only disrupt them but also attempt to take control, sending commands for them to land.
All of this often needs to be done in close proximity, carrying risks for team members. “You have to protect them there. So you need to create security around them,” Vitjuk explains.
Just outside the capital, military operators are trained to use drones. Anton, who learned to operate them in a previous life as a tour guide, says the most important lesson is not teaching operators how to control drones but how to survive without being detected.
In the early stages of the war, small drones flew up to 10 km from the front line. But now, Ukrainian operators need to be much closer to overcome Russian signal interference.
“The distance to the front line is getting shorter. Our connection must be stronger than the interference,” Anton explains as he watches a drone flying above them.
Russian intelligence services have also relocated some of their cyber teams closer to the front lines for faster communication with the military and immediate access to captured Ukrainian devices or communications nearby. Captured devices can then be used to gather more tactical intelligence data before people realize they are in Russian hands.
Psychological Operation Cyber conflict was closely linked to military operations even before the invasion in February 2022. A month earlier, Russia attempted to induce public panic by shutting down public websites.
“That was definitely a psychological operation,” says Vitjuk. Ukraine managed to recover most systems, but a few hours before the invasion, a new wave of cyberattacks began. The most effective one took down an American satellite service provider used by the Ukrainian military for communication.
As Russian plans for a swift victory faltered and reports of atrocities emerged, the importance of controlling the flow of information grew. This was underscored on March 1, 2022, when a combined cyber and missile attack targeted the television tower in Kyiv.
“They were trying to deny Ukrainians access to true information,” explains Yuri Shchihol, head of the state agency protecting communications, standing in front of the tower, which still bears the black scars of the missile strike. Engineers scoured the city for replacement equipment, and television broadcasting was restored within hours.
The projectiles that hit the TV tower and data center were also accompanied by cyberattacks. Since then, cyberattacks and missile strikes have often been used in tandem.
Cyberattacks are relentless, explains Viktor Zhora, who oversees the country’s cyber defense while visiting the Ukrainian incident response unit working around the clock: “This is the heart of Ukrainian cyber defense, and there’s always work to do.”
A screen on the wall displays the highlights and setbacks since the war began. The Ukrainian government is the primary target. During a visit by BBC reporters, young employees were dealing with an attack on the State Statistics Service, delaying the release of inflation data. Ilja Vitjuk’s cyber team is working to suppress elite hackers from Russian intelligence agencies by instructing their own hackers to infiltrate their computer systems and eavesdrop on their phone calls.
“I always say Ukraine has debunked the myth of powerful Russian hackers,” Vitjuk says, comparing this battle to two boxers who know each other well and are fighting in the ring.
But Ukraine, Vitjuk warns, is absorbing Russian cyberattacks. Moscow throws almost all of its cyber expertise at Ukraine, leaving little capacity to attack Western targets. If Ukraine were to fall, he warns, these attacks would be redirected elsewhere. However, in fighting their Russian adversary, Ukraine and its allies are also learning new ways in which technology can be integrated into the modern battlefield.