-

From Ukraine to the Whole of Europe: Cyber Conflict Reaches a Turning Point

  • The February 2023 report by Thales's Cyber Threat Intelligence unit reviews one year of cyber-attacks across Europe.
  • The third quarter of 2022 marked a turning point in cyber-attacks related to the conflict in Ukraine, with a clear transition from a cyber-war focused on Ukraine and Russia to a high-intensity hybrid cyber-war across Europe. The cyber-war is targeting Poland and the Baltic and Nordic countries in particular, with an increasing focus on critical national infrastructure in sectors including aviation, energy, healthcare, banking and public services.
  • From targeted destruction campaigns to guerrilla cyber-harassment, pro-Russian hacktivists are using DDoS1 attacks to make servers temporarily inaccessible and disrupt services. They are part of Russia's strategy to engage in information warfare as a way to wear down public and private organisations.

PARIS--(BUSINESS WIRE)--Thales:

Eastern and Northern Europe on the front lines of the cyber conflict

A new attack geography has taken shape over the last 12 months. At the very beginning of the conflict, the majority of incidents only affected Ukraine (50.4% in the first quarter of 2022 versus 28.6% in the third quarter), but EU countries have seen a sharp increase in conflict-related incidents in the last six months (9.8% versus 46.5% of global attacks).

In the summer of 2022, there were almost as many conflict-related incidents in EU countries as there were in Ukraine (85 versus 86), and in the first quarter of 2023, the overwhelming majority of incidents (80.9%) have been inside the European Union.

Candidates for European integration such as Montenegro and Moldova are being increasingly targeted (0.7% of attacks in the first quarter of 2022 versus 2.7% at the end of 2022) and Poland is under constant harassment, with a record number of 114 incidents related to the conflict over the past year. War hacktivists have specifically targeted the Baltic countries (157 incidents in Estonia, Latvia and Lithuania) and Nordic countries (95 incidents in Sweden, Norway, Denmark and Finland). Germany saw 58 incidents in the past year, but other European countries have been relatively spared, such as France (14 attacks), the UK (18 attacks), Italy (14 attacks) and Spain (4 attacks).

"In the third quarter of 2022, Europe was dragged into a high-intensity hybrid cyber-war at a turning point in the conflict, with a massive wave of DDoS attacks, particularly in the Nordic and Baltic countries and Eastern Europe. Cyber is now a crucial weapon in the arsenal of new instruments of war, alongside disinformation, manipulation of public opinion, economic warfare, sabotage and guerrilla tactics. With the lateralisation of the conflict from Ukraine to the rest of Europe, Western Europe should be wary of possible attacks on critical infrastructure in the short term if the conflict continues to accelerate." Pierre-Yves Jolivet, VP Cyber Solutions, Thales.

From war hacktivists to cyber-harassment

Of all cyber-attacks reported worldwide since the start of the conflict, 61% were perpetrated by pro-Russian hacktivist groups, and in particular by Anonymous Russia, KillNet and Russian Hackers Teams, which have emerged since the start of the conflict to mirror the efforts of Ukrainian IT Army hacktivists early in the war. These new groups are more structured and use the type of resources favoured by organised cybercrime groups, including botnet-as-a-service2 resources such as Passion Botnet, with the aim of cyber-harassing Western countries that support Ukraine. These groups of independent, civilian hacktivists have emerged as a new component in the conflict. They can be assimilated to a cybercriminal group with specific political objectives and interests, acting out of conviction yet not directly sponsored by any government. Members of such groups have a broad array of origins, technical skills and backgrounds.

The third quarter of 2022 marked a transition to a wave of DDoS attacks, in contrast to the first quarter of 2022, which saw a range of different kinds of attacks, divided more or less equally among data leaks and theft, DDoS attacks, espionage, influence campaigns, intrusion, ransomware, phishing, wiper and infostealer attacks3. Cyber attackers have since favoured DDoS attacks (75%) against companies and governments. This systematic harassment often has a low operational impact but sustains a climate of anxiety among security teams and decision-makers. Their objective is not to have a major operational impact but to harass targets and discourage them from supporting Ukraine.

On the other end of the spectrum, wiper attacks can destroy an adversary's systems, and long-term espionage can undermine the integrity of an adversary's security apparatus, but such techniques take much longer to prepare and require more resources. Destructive cyber-military operations, along with espionage, account for only 2% of the total number of incidents and are mainly targeted at Ukrainian public-sector organisations.

Russian authorities regularly use cyber to harass their adversaries without engaging in direct confrontation.

Acts of cyber warfare are still taking place in Ukraine – as we saw with the ATK256 (UAC-0056) attack against several Ukrainian public bodies on the anniversary of the conflict (February 23, 2023 ) – yet they are drowned out in the eyes of Westerners by constant cyber harassment.

Thales's contribution to the protection of critical infrastructure

Thales provides cybersecurity solutions for nine of the top ten Internet giants and helps to protect the information systems of more than 130 government agencies and essential services providers. With more than 3,500 cybersecurity experts, the company provides governments and critical infrastructure operators with integrated incident detection and response solutions, including cyber threat intelligence, sovereign probes, Security Operation Centres and encryption systems to prevent data breaches. Organised around three families of products and services – sovereign products, data protection platforms and cybersecurity services – the Group's portfolio of cyber solutions generated a combined total of more than 1.5 billion euros in sales in 2022.

Download the abstract

Download the report

About Thales

Thales (Euronext Paris: HO) is a global technology leader serving the Aerospace, Defence and Digital Identity & Security markets. Our solutions help to make the world safer, greener and more inclusive.

We invest close to 4 billion euros a year in Research and Development, driving innovation in key areas such as quantum technologies, cloud architectures, 6G and cybersecurity.

With 77,000 employees in 68 countries, the Group generated revenues of 17.6 billion euros in 20221.

_______________________________

1 Excluding Transport business, which is being divested

More information:
Cybersecurity solutions | Thales Group
Cyberthreat Hitmap (thalesgroup.com)

1 A distributed denial-of-service attack (DDoS) aims to make one or more services unavailable either by exploiting a software or hardware vulnerability or by saturating a network's bandwidth to deny access to users.
2 Sale or rental of a proxy network to other malicious actors for use in launching cyber-attacks.
3 Phishing is an attempt to lure a user into divulging information. A wiper is a type of malware used to erase data from an infected system. An infostealer is a type of spyware used to collect information from a system.

Contacts

PRESS CONTACT:

Thales Media Relations
Marion Bonnet
+33 (0)6 60 38 48 92
marion.bonnet@thalesgroup.com

Thales

BOURSE:HO

Release Summary
CTI Report on Europe & Ukraine

Contacts

PRESS CONTACT:

Thales Media Relations
Marion Bonnet
+33 (0)6 60 38 48 92
marion.bonnet@thalesgroup.com

More News From Thales

Thales Secures Significant U.S. Army LOCODA Radio Order Following Rapid Development Push

ABERDEEN PROVING GROUND, Md.--(BUSINESS WIRE)--Delivering capability at mission speed, Thales subsidiary, Thales Defense & Security, Inc. (TDSI), has secured an order for up to 5,000 Low Cost Data Architecture (LOCODA) Radio Adaptable Transport (RAT) platforms. The Thales RAT solution, which was conceived, developed and field-ready less than four months, modernizes voice and data communications and integrates effortlessly into radio mounts across all current and future U.S. Army vehicle pla...

Thales at Eurosatory 2026: Ready today. Ready tomorrow

VILLEPINTE, France--(BUSINESS WIRE)--As Eurosatory 2026 opens its doors, Thales is pleased to share with you a complete overview of the announcements that will be made during the first day of this international defense and security show. This document centralises all our news, innovations and partnerships, released on June, 15th, 2026 with direct links to the associated press releases: Thales unveils new AI-powered training data analytics platform to enhance military training. Thales launches n...

Estonia Raises the Bar for Secure Digital Identity in Europe With New eID Cards Developed With Thales

MEUDON, France--(BUSINESS WIRE)--With increasing cyber risks and the rapid evolution of digital public services, Estonia is reinforcing the security, durability and adaptability of the documents that underpin its digital society: identity cards, residence permit cards, e-resident digital identity cards, diplomatic identity cards, certificates of AIP (Applicant for International Protection). Backed by Thales’ decades of expertise in secure identity technologies, the new programme introduces stro...
Back to Newsroom