October 24, 2025:
While Ukraine is the underdog in its war with Russia, it has developed several new weapons and techniques to level the playing field. One of the most effective weapons has been cyber warfare, which enables Ukrainians to accomplish a wide range of objectives. A recent cyber warfare effort allowed their intelligence personnel to eavesdrop on Russian radio communications. This involved bypassing Russian security measures and avoiding detection for as long as possible. A recent hacking attack also successfully stole valuable data from Russian defense firms. Another attack disrupted the Russian banking system.
The Russians are also skilled in cyber warfare and all forms of electronic warfare. Listening in on Russian communications, especially those involving planning for future operations and the conduct of current activities, is considered a major victory. This information must be used carefully to prevent the Russians from realizing their communications have been compromised. Russian countermeasures to prevent such breaches are constantly being modified and upgraded to detect Ukrainian efforts. Cyber warfare is not considered newsworthy, so the activities of cyber warriors are rarely reported. Cyber warfare operations are also kept as secret as possible. Details of these operations typically become known only long after they have taken place.
Some cyber warfare operations are impossible to conceal. For example, last year, Ukraine carried out a surprise electronic attack on Russian internet access. This was accomplished through the largest Distributed Denial of Service (DDoS) attack ever recorded. The attack disrupted all major Russian internet systems, including financial institutions, government networks, and internet-based communications, such as messaging apps and social networks.
These attacks are typically carried out by first deploying a computer virus, often delivered as an email attachment, that installs a hidden Trojan horse program. This program allows an attacker to remotely take over the infected computer and turn it into a zombie used for spamming, data theft, monitoring, or launching DDoS attacks that shut down another site. There are millions of such zombie PCs, and they can be rented for spamming or for launching DDoS attacks. A website can be equipped to resist or even brush off a DDoS attack, but the Ukrainian attack was so massive and well-planned that Russian DDoS defenses were ineffective.
It took about three weeks to restore the Russian internet to normal, although some systems were so heavily damaged that it took months to get them running again. Major commercial, government, and military systems were damaged or offline for weeks while repairs were made. The Ukrainian attacks were so extensive, targeting internet systems throughout Russia, that there were not enough Russian internet engineers to repair all the damage immediately. This meant non-critical systems remained offline for weeks or months.
The Russians feared the Ukrainians would launch a similar attack before all the damage from the recent one was repaired. Russia has long been a leader in such attacks, but the Ukrainians prepared for this before the Russian invasion in 2022 and strengthened their internet defenses. Russia was not as well-prepared and was vulnerable. Some Russian internet engineers had warned their government of these vulnerabilities, but not enough was done.
Attacks like these are more common now but have been occurring for over two decades. For example, in 2011, an unusual incident occurred in South Korea, where a widely distributed computer game was infected with malware. What caught the attention of South Korean military intelligence was that the malware was embedded in every copy of the game, and at one point, many of the 100,000 infected PCs attempted to shut down the air traffic control system at a major South Korean airport.
Further investigation revealed that the airport attack was part of a growing North Korean cyber warfare campaign against South Korean government and military websites. One of the most disruptive North Korean cyber warfare weapons has been the DDoS attack. While some websites were equipped to withstand a DDoS attack, others were unprepared, and the South Korean airport was disrupted for several hours. The Russians suffered even greater damage in 2024. North Korea has launched DDoS attacks and attempted to hack into South Korean networks for over twenty years. This remains an ongoing problem for South Korea and Japan, which have had to construct large-scale internet defenses to provide some protection against further North Korean attacks via the internet. Most North Korean attacks are financially motivated, as North Korea is perpetually short of funds and always in need of more cash. North Korean hackers have turned many compromised foreign internet systems into their own private ATMs.