Russian Hackers Pivot to Espionage in Ukraine’s Military Sector as Cyber Incidents Fell in H2 2025
Updated
Updated · POLITICO · May 27
Russian Hackers Pivot to Espionage in Ukraine’s Military Sector as Cyber Incidents Fell in H2 2025
5 articles · Updated · POLITICO · May 27
Ukraine’s cyber defenders say Russian hackers are now prioritizing quiet, persistent access to military and defense-industry networks over headline-grabbing disruptive attacks.
That shift comes as Ukraine’s defenses appear to be improving: cyber incidents affecting Ukrainian organizations declined in the second half of 2025, the first drop since Russia’s 2022 full-scale invasion.
Ukraine’s cyber agency said attacks still surged nearly 70% in 2024, but serious successful breaches fell sharply, suggesting Moscow is adapting rather than easing pressure.
Officials and outside experts say Russia still retains destructive cyber capabilities, but increasingly sees intelligence collection as a way to gain battlefield advantage and preserve options against critical infrastructure.
Ukraine has expanded its cyber posture since the invasion, including a Defense Ministry incident response center launched in 2024 and a 2025 law tightening cybersecurity rules.
How will global security adapt now that an AI has taught itself to create entirely new cyberweapons?
Will Canada's defiance on defense purchases reshape its long-standing alliance with the United States?
Why are billions in Gaza aid being routed to a private account instead of the official World Bank fund?
37% Rise in Russian Cyber Attacks on Ukraine’s Military (2024–2026): Espionage, Supply Chain Risks, and Lessons for Global Defense
Overview
Between 2024 and 2026, Russia intensified its cyber operations against Ukraine, shifting from disruptive attacks to sophisticated espionage focused on Ukraine’s military sector. This evolution saw Russian groups like APT28 move away from complex malware toward persistent phishing campaigns using simpler tools, while still relying on advanced custom malware for maintaining access and stealing data. These tactics highlight the central role of cyber warfare in Russia’s broader hybrid strategy, aiming to gather intelligence and undermine Ukraine’s defenses. The ongoing campaign demonstrates how cyber operations have become a key front in modern conflict, requiring adaptive and resilient defense measures.