Home / News

Ukraine Conflict Transformed the Cyber Threat Landscape, Says Google

According to a recent analysis, the cyber threat landscape has changed dramatically one year since the Russian invasion of Ukraine.

Phishing campaigns by government-backed attackers. Source: Fog of War Report, Google

Google TAG, Mandiant, and Trust & Safety have released a report titled, Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape, based on analysis from Google’s Threat Analysis Group (TAG), Mandiant, and Google Trust & Safety. It includes new findings, retrospective insights, and deep dives into specific campaigns from 2022. Some of the key observations from the report:

  • Aggressive multi-pronged effort: Russia’s cyber operations have become increasingly aggressive over the past few years. In 2021, during the run-up to the invasion, Russian government-backed attackers shifted their focus to Ukraine and saw a dramatic increase in their use of destructive attacks on the Ukrainian government, military, civilian infrastructure, and more. This trend has continued into 2022, with a significant increase in spear-phishing activity targeting NATO countries as well as an uptick in cyber operations designed to further various Russian objectives. Destructive cyberattacks have been on the rise, and many operations aim to balance competing priorities of access, collection, and disruption.
  • Moscow has leveraged the full spectrum of IO: Moscow is utilizing a range of media outlets and platforms to manipulate public opinion of the war. These operations aim to undermine the Ukrainian government, fracturing foreign support for Ukraine and maintaining domestic support in Russia for the war. Google says it is actively working to counter these actions as they often violate its policies and disrupt overt and covert IO (information operations) campaigns. The majority of this Russian IO is in the Russian language and mainly focused on sustaining domestic support in Russia for the war.
  • A notable shift in the Eastern European cybercriminal ecosystem: The invasion of Ukraine has had a significant effect on the cybercriminal ecosystem in Eastern Europe, causing some groups to split up and others to lose vital members. Specialization in ransomware has made it more difficult to identify who is behind an attack. Also observed are some tactics associated with financially motivated criminals being used in campaigns targeting governments. There has been no surge of attacks against critical infrastructure outside of Ukraine, which was unexpected.

What’s next: Russian government-backed attackers are expected to continue cyber attacks against Ukraine and NATO partners in order to further Russian strategic objectives. According to the report, these attacks will become more destructive and disruptive in response to developments on the battlefield that could be seen as an advantage for Ukraine, such as military aid or foreign commitments. Russia is likely to increase its IO to achieve its objectives, but there is no certainty that this will be successful.

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byVerisign

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byDNIB.com