The cyberwar against Ukraine has far-reaching consequences that extend well beyond the NATO member states currently getting hammered by cyber-attacks, including both government and private sector actors in Romania, Lithuania, the Netherlands, and the U.S. These consequences stretch all the way to Costa Rica, where a Russian cybercriminal gang recently attacked the national tax authority and health care infrastructure, demanding a $50 million ransom.

As Paul Kurtz and Aaron Ach wrote in the MEI book Cyber War and Cyber Peace: Digital Conflict in the Middle East, “Cyberspace may be the only human-made battleground, but is hardly a borderless domain.”

We’ve all seen the grim images of war coming out of Ukraine in the news and on social media, thanks to the work of fearless journalists, NGOs, and civilians. But there’s also another, hidden war taking place that’s raging at the speed of light. It pits malicious code against computer networks and cyber defenders. It involves psychological malware and the use of disinformation, misinformation, and malinformation to try to twist the narrative of the war, sowing doubt about what’s really happening and attempting to shift hearts and minds.

Many Western tech companies big and small have bolstered Ukrainian cyber defenses, blocking attacks continuously and helping to rebuild networks as quickly as possible. This has resulted in a new type of wartime aid with major corporations offering everything from high-tech security hardware and software to threat intelligence and even personnel.

European and American computer emergency response teams (CERT) have sprung into action, entering the fray and assisting Ukraine and many aid- and evacuation-related NGOs with cyber security and reverse-engineering of Russian wiper malware samples for analysis. CERTs have a long history of overcoming politics to help tech community underdogs, focusing on technology safety, security, and privacy over most governments.

Security researchers ranging from ethical or white hat hackers (who work with the authorization of system owners) to grey and black hat hackers (who operate within their own set of ethics versus a legal framework) provide real-time detection of exploitable vulnerabilities and intelligence without being overshadowed by government bureaucracy.

Never before in history has a war or cyberwar rallied so many tech and cyber experts from around the world to defend one country. Their groundbreaking work is what keeps major cyber-attacks in Ukraine out of the headlines and prompts so many journalists and policy makers to wonder why the cyber-attacks aren’t bigger. These experts’ activities don’t come without risk though, as many have been directly targeted by the Russian government with spyware, malware, and malicious slander on social media and false media websites. They often operate without any government protection, but they carry out their work anyway because they know that if operations are hacked, more lives will be lost and Ukraine’s critical infrastructure will fall. Numerous aid workers and Ukrainians trying to evacuate have already been killed, tortured, beaten, and arrested due to direct cyber targeting by Russians.

I’ll be speaking about some of the challenges Russian malware has posed in this cyber war at BSides Las Vegas and DefCon Skytalks in August 2022, detailing numerous malware attacks and the discovery and public revelation of what Microsoft has called the first violation of the Geneva Convention caused by malware.

The members of the tech community protecting Ukraine and trying to limit the effects of this cyberwar and prevent it from spilling over the border to EU and NATO member states are the hidden heroines and heroes of this war. Their tireless efforts have saved countless lives and infrastructure potentially worth billions of dollars. Going forward, both governments and militaries should consider the contributions of these unsung heroes and heroines as they seek to prepare more effective strategies for future cyber wars.


Chris Kubecka is the distinguished chair of MEI’s Cyber Security and Emerging Technology Program and the founder and CEO of Hypasec. 

Photo by Metin Aktas/Anadolu Agency via Getty Images

The Middle East Institute (MEI) is an independent, non-partisan, non-for-profit, educational organization. It does not engage in advocacy and its scholars’ opinions are their own. MEI welcomes financial donations, but retains sole editorial control over its work and its publications reflect only the authors’ views. For a listing of MEI donors, please click here.