Cybersecurity expert Yehor Aushev: “When Russia can no longer launch missile strikes, it will intensify its cyber operations”

Cyberwarfare is in full swing. Experts describe the Russian-Ukrainian conflict as the world’s first full-scale cyberwar, taking place in parallel with military operations on land, in the air and at sea. In 2022–2023 alone, Russia carried out 4,700 cyberattacks against Ukraine, according to CERT-UA and the State Service of Special Communications and Information Protection. More than 200 were aimed at destroying data or crippling critical systems.

Such an onslaught requires an adequate response. Several dozen countries already have cyber forces in place, including the United States, China, Germany, the United Kingdom, Israel and even Estonia. Experts believe that the cyber units of the Russian Armed Forces are among the five largest and best funded in the world.

Ukraine has not yet established its own cyber force. A draft law on the matter has been before parliament since 2024. Yehor Aushev — a cybersecurity expert, CEO and co-founder of CyberUnit.Tech and the Ukrainian cyber training ground UnitRange.com, and a member of the team at the non-governmental organisation Institute for Cyberwarfare Research — explained why the creation of a cyber force has stalled and whether there is any prospect of it being established soon; how Russian hackers gain access to Ukrainian systems; whether a single successful cyberattack could alter the course of the war; and whether young Ukrainians will need mathematics if the country is to maintain its cyber defences in the future. 

Yehor Aushev
Photo: Provided by the press service

No law — no modern cyberweapons

Mr Aushev, when did Russia’s cyberwar against Ukraine begin? Was it during the ATO/JFO period, when Sandworm (the cyberwarfare unit of Russia’s military intelligence service) first became active?

Probably in 2013–2014. The first major cyber operation was NotPetya (a virus that paralysed companies’ computer systems; a third of banks, Nova Poshta, energy companies and others were affected. — Ed.).

Cyberwarfare had been taking place around the world even before that. In 2007, Russian hackers attacked Estonia. The most famous conventional cyber operation was carried out in 2010 by the United States in collaboration with Israel. A programme called Stuxnet silently disabled uranium enrichment centrifuges in Iran until they self-destructed. Since then, the destructive potential of cyberweapons has become clear.

Has anything fundamentally changed in Russian tactics since the start of the full-scale war?

Since 2022, the Russians have structured their special operations to apply constant pressure. They do not simply carry out an operation and withdraw; instead, they sustain pressure and combine cyberattacks with cognitive operations. They use disinformation to undermine trust in, for example, a government institution, and then launch an attack.

The main change in tactics is that they are using AI in 95 per cent of their attacks. The Russians are quick to adopt new technologies, and they scale up attacks very rapidly. This is where our Western partners can help us — just as they limited Russian access to Starlink, giving Ukraine an advantage on the battlefield. If they can restrict the Russians’ use of AI, this will provide us with an advantage in cyber operations.

Yehor Aushev with colleagues
Photo: Dou.ua

Is it possible to restrict it?

It is not as straightforward as with Starlink, but I believe it is possible. NATO’s military doctrine officially recognises cyberspace as the fifth domain of operations, alongside land, sea, air and space. Combat operations are already taking place there; it is now time to consider how to forge alliances in cyberspace, contain adversaries and seek ways to achieve dominance in this domain.

We need to develop our own technologies and build diplomatic bridges with partner states in order to act effectively. There are many different types of cyberweapons, but Ukraine currently possesses only a limited number of them. We are developing our own, although they are not yet world-class, whilst our partners provide such capabilities only on a limited basis and for specific purposes. These are issues that also need to be addressed, particularly through the law on cyber forces.

Is a cyberweapon essentially a virus capable of disabling an enemy system?

It is any tool capable of affecting a device in the physical world or influencing the course of hostilities. For example, gaining access to someone’s smartphone screen. Do you remember how the NSO Group accessed messages on the devices of four presidents (the 2021 scandal in which several world leaders, including French President Emmanuel Macron, became potential targets of surveillance via the Pegasus spyware programme developed by the Israeli company NSO Group. — Ed.)? Unique information is also a weapon. Having access to a president’s or a king’s phone provides a tremendous advantage in negotiations or military operations. The same applies to access to the phones of Russian generals, for example.

Cyberweapons are nothing new, but in Ukraine there is still no clear co-ordination of offensive cyber operations. Partner-provided licences and domestically developed tools are not being used as effectively as they could be because the area remains largely unregulated. Offensive cyber capabilities can be developed within Ukraine’s security services, but the process is not particularly well co-ordinated at the state level.

Yehor Aushev
Photo: Provided by the press service

Security is being stepped up, but there are still plenty of gaps

How well protected is Ukraine in cyberspace? We used to be seen as a testing ground for Russian cyberattacks. Has anything changed in recent years?

We have made significant progress in defending the country. This is because some high-level specialists have been mobilised and are now working at the State Special Communications Service and other agencies. State and regional security operations centres are currently being set up (centralised units that monitor, analyse and protect IT infrastructure — Ed.), and response teams, the SBU’s cyber units and the cyber police are all active. The Armed Forces of Ukraine are also developing these areas.

However, progress is uneven. Central facilities (critical infrastructure sites, central government bodies, etc.) are being significantly strengthened thanks to Western partners and the efforts of mobilised specialists. The private sector is also involved; in particular, our NGO, the Institute for Cyberwarfare Research, is constantly providing support to the public sector free of charge. But at the level of local communities and municipal administrations, the situation remains weak. And they only find out that a hacker has infiltrated a system once something has already been compromised. Regional infrastructure is far more vulnerable, which is ideal for hackers. They don’t go through armoured doors; they climb in through an open window. Hospitals and regional enterprises are weak links; they are exploited to gain access to central structures. 

Within the public sector, some areas are well-protected, whilst others still have a long way to go. And more than half of all attacks are now directed at the regions and the private sector. Russia is stepping up its efforts, creating private groups that operate under the cover of the security services: the FSB and the GRU. Some focus on the financial sector, others on the energy sector. They don’t care who they target. They’ve infiltrated and are lying low, waiting until a common infiltration target is established so they can be activated there. For example, ahead of a meeting between the president and NATO or similar, to bring the system down and expose our vulnerabilities. Whilst the Russians are still able to strike with missiles, they are preparing for large-scale cyber operations. When they can no longer carry out missile strikes, they will increasingly deploy their capabilities in cyberspace.

Is this a matter of many months’ work?

On average, a cyber operation takes three to six months to prepare and can be carried out in a single day. Hackers usually remain in systems for up to a year without revealing their activities — and no one suspects a thing unless there are regular audits. The world is moving so fast that everything technology can do — scanners, audits — will be replaced by AI. We need to teach people how to use it and understand the risks involved in applying these technologies. Everyone, from managers to rank-and-file staff, must understand the potential sources of information leaks and how to apply AI. This skill will make us more resilient. This is precisely what we teach at our cyber training centre.

Official opening of Cyber Range UA
Photo: Dou.ua

Are the central organisations mentioned — such as Ukrzaliznytsya, for example? It suffered a major cyberattack over a year ago, but is it now fully prepared?

Technically skilled people have been brought in there. But cybersecurity and cyber resilience present a constant stream of new challenges. The race is won by whoever moves faster: the attackers or the defences. New technologies are accelerating the process, and we need to adapt to their use. In the US, for example, the board of directors of public companies going public via an IPO (an initial public offering, the first public sale of a private company’s shares to the general public. — Ed.) must include at least one person with a background in cybersecurity. And we must apply these practices to digitalisation. If you’re not sure you can digitise safely, it’s better to put it off until later. It’s better to leave something in the analogue world than in a digital one that isn’t entirely secure. A lot of work is needed to ensure that a digitised system doesn’t allow for data loss, even in theory. 

Are you talking about platforms like Diia?

To avoid causing panic, let’s not discuss that. It would have been possible to build some sort of cyber component around it, but I don’t see that they’ve made any significant changes to the infrastructure over the last few years, or brought in ethical hackers for testing or anything like that. It’s a process that needs refining. You can never have too much cybersecurity, especially when dealing with personal data. We hope to see changes there. 

Cyber forces will be able to attack, not just defend

On the subject of our own cyber forces. Why is a separate command and a separate branch of the Armed Forces needed, when there are already relevant structures within the SBU, the State Special Communications Service and elsewhere?

A few weeks ago, the Institute for Cyberwarfare Research brought together everyone concerned by this issue: representatives from the Ministry of Defence, the SBU, the State Special Communications Service, the Defence Intelligence of Ukraine, the Foreign Intelligence Service, the National Security and Defence Council, the Office of the President, and the border guards. It was a high-level meeting. People who know their stuff. Some had been involved in drafting the bill, which passed its first reading in the Verkhovna Rada (Bill No. 12349 ‘On the Cyber Forces of the Armed Forces of Ukraine’, supported and adopted in principle in October 2025; it establishes the legal framework for the formation of a separate branch of the armed forces in accordance with NATO standards. — Ed.).

Yehor Aushev
Photo: Provided by the press service

Almost every stakeholder already has its own initiatives in this area. We agreed that a certain degree of competition is beneficial, but cyber forces are needed to conduct offensive cyber operations. Defence and attack are two different worlds, with distinct cultures and areas of expertise. At the same time, anyone involved in defence must understand how offensive operations work. Conducting such operations effectively requires high-level co-ordination, a clear division of responsibilities and proper oversight. This is precisely why cyber forces need to be established within a formal legal framework.

There are already some developments, and they are impressive. Results will follow, but such specialists need official status to perform their work effectively. Otherwise, we risk repeating what happened at the very beginning of the full-scale war.

I personally assembled a cyber army in February 2022 — up to a thousand highly skilled, certified professionals. Some worked as volunteers, while others were mobilised. But there was no framework within which they could operate. They worked for several months and were then handed automatic weapons. Many of them are no longer alive. And genuine hackers are rare; they are difficult to train and require decades of experience. They are unique specialists. If we want this field to develop, there must be clear rules governing their service. It should not depend on some random official saying: “Don’t worry, go ahead, and I’ll protect you.” Because tomorrow that person may be reassigned, while the hacker is left without support or protection.

At present, cyber specialists are not officially permitted to use or develop certain software. Cyber forces that do not formally exist cannot transfer capabilities or place procurement orders. Their official salaries are also far too low: they are based in the rear and earn around 20,000 hryvnyas, despite being able to earn 100,000 or more even through part-time civilian work. In other words, they need to be given proper authority and protected rights. Yet it was not in the interests of certain actors for this to happen. As long as the work of cyber specialists remains a grey area — opaque and poorly regulated — they can be co-opted, disbanded or subjected to pressure.

Among those involved in discussions at the time, no one opposed the creation of cyber forces. We have finally reached a consensus, and now the Verkhovna Rada simply needs to pass the bill at its second reading.

These forces may not be perfect from the outset and will continue to evolve. However, if they are not granted official status, new qualified specialists will not join them. We will have no choice but to compel people to serve. Instead, we have an opportunity to create an elite unit capable of carrying out high-profile operations against the enemy. With so many talented professionals available, we simply must do it. They will pass on their knowledge and expertise, and the entire field will develop from there.

Are there enough people available? Has the brain drain not had an impact?

The main advantage of this approach is that it allows us to recruit young people aged 18–20. Their minds operate at peak capacity. It is our generation that needs to retrain, whereas working with AI comes naturally to them; it is simply how they solve problems. That is why these young people can be recruited, assigned to cyber roles and then demobilised when their service is complete. The more transparent the rules governing entry and exit are, the more talented people and innovative technologies will be attracted to the sector.

Department of Cybersecurity at the Kyiv Aviation Institute
Photo: FACEBOOK/DEPARTMENT OF CYBERSECURITY at the Kyiv Aviation Institute

How much should such a specialist be paid to keep them engaged?

The benefits may be indirect. In Israel, the system is structured in such a way that people working in similar units go on to become the start-up elite. Every product they create has already been tested in real-life situations. They know offensive operations like no one else. This is how an entire ecosystem emerges. And our retired cyber officers will shape the Ukrainian cyber industry.

They should be paid as much as military personnel — but specifically those engaged in active combat operations. Because this is active combat, just on the internet. And after their service, I would be delighted to take on specialists with such experience in my own business.

Can a single cyberattack turn the tide of war? Which area should our efforts then be directed towards? What is Russia’s vulnerability in the digital world?

Let’s not give them any clues; they read everything very carefully. The best cyber operation is one the enemy doesn’t yet know about, but which is already underway. If the enemy takes a long time to find their vulnerability — that’s ideal. And not just to destroy something, but also to gather information. Or to substitute information, which is even better than destruction, because you can confuse the enemy, and they won’t notice there’s been a leak.

Of course, a single cyberattack can turn the tide of war. But the Russians are pursuing a strategy of constant cyber operations, and we too must put pressure on them through cognitive and cyber operations that will prevent them from operating effectively.

Department of Computer Science at the Kyiv Aviation Institute
Photo: FACEBOOK/DEPARTMENT OF Computer Science at the Kyiv Aviation Institute

But is the involvement of real people (traitors) necessary in such operations?

Real people are needed to make effective use of technology. You can make a small hole in a wall with a hand tool, or you can use a laser — so that not even a seam is visible. Our task is to use lasers as much as possible.

Of course, insiders are sometimes needed. Social engineering is used too. It’s like how USB sticks used to be left in car parks: someone would find one, plug it into their device and infect it. You might need either an insider (a traitor) or someone who doesn’t realise they’re harming their own company. And sometimes everything is handled end-to-end from the outside, without such participants. The best approach is a combination of good old-fashioned methods and AI. The best results come from a combination of people and technology.

The battle for talent and the cyber future

What sort of specialists will the cyber forces of the future need?

We can create the right conditions today to make people want to join them. We should organise the selection process just as we would for a good job. As there are currently no clear laws or regulations, the state’s cyber defence sector employs both top-class specialists and those who have simply been assigned to it. If we bring order to this, it will make it much easier to build up cyber forces.

How should we train such people? By investing in the relevant areas of education? Recently, social media has been discussing the need for a national maths test: should children be taught maths, or do hackers need completely different skills?

Maths and English are the foundation. When friends ask me which courses to enrol their children in, I say that a solid grounding in maths and English opens up paths in various fields within the tech world. Of course, education is important. I teach at KAI and can see that this generation has had to cope with Covid and the war — not exactly the best time for studying — but we must motivate them. Here at KAI, we’ve set up a team that takes part in hacking competitions. Motivation isn’t about writing on a blackboard with chalk; it’s about getting them involved in these kinds of activities. There’s the Ukrainian Cyber Range, and there are free global hacking training programmes. In other words, there are countless ways to motivate and learn. Investing in talent is how we safeguard our future.

Yehor Aushev
Photo: HROMADY.ORG

Is it realistic to recruit foreigners into the Ukrainian cyber forces?

It depends on our policy. I’ve had many foreigners write to me about this. At one conference, I suggested: here are the occupied territories, and within them lies occupied cyberspace (registries, cloud storage) — come to Ukraine and help with the cyber-liberation of these lands. You wouldn’t even be breaking the law by doing this; there’s no need to send soldiers here. As a state, we simply say that we’ll be conducting our cyber exercises in Crimea — and we go ahead with them. And nobody is breaking any laws, because this is Ukrainian territory and foreigners are allowed to take part in such operations. And people who were interested in this have approached me. We need to establish such a mechanism at the state level. Nothing is impossible in cyberspace.

Could, say, an Indian sit in Delhi and be part of the cyber forces?

Yes, but under current legislation, he would be breaching international law. However, if this were to take place on Ukrainian territory and we were to create a special status for him—as an international cyber combatant, for example—then it would be possible. This issue has not yet been fully explored globally, but it is of interest to many.

Do the Russians recruit foreign hackers?

They make extensive use of Chinese, Belarusians and North Koreans in cyberspace. 

You mentioned that AI accelerates and scales up operations. Please give some examples.

Recently, the Russians carried out a deepfake attack on a Ukrainian ministry. The attack took place via a video call: the manager (actually an AI-generated image) ordered a subordinate to carry out certain tasks. Previously, it took time to create such content, but now faces and voices can be replaced in two seconds.

During the Kyiv International Cyber Resilience Forum
Photo: Provided by the press service

Another point is the dissemination of information. I am also the founder of the Kyiv International Cyber Resilience Forum. We recently held a hacking competition at the conference. The 30 best Ukrainian teams took part, including one with no human participants—just AI agents. And it came second! It beat top-class teams from the SBU, the NBU and others, thanks to the fact that AI agents can quickly identify and analyse vulnerabilities or disseminate information when needed. They spread it simultaneously to thousands, even hundreds of thousands of locations; they search for vulnerabilities across millions of resources at the same time; and they simultaneously plant fake information or viruses within them. It turns out that 28 teams are already lagging behind the AI agents. And that was half a year ago. We’ll do it again next year, and I think the AI team will take first place by a clear margin. AI acts quickly, especially when guided by a smart person.

What will the main cyber threats be over the next 5–10 years, and where will Ukraine stand in global cybersecurity?

Two huge waves are heading our way: AI and quantum computers (which can maintain countless states simultaneously and solve extremely complex mathematical problems in seconds. — Ed.). These devices will appear in just two or three years’ time, and this will be a real challenge. Experts are talking about the next stage — the post-quantum era, when a quantum computer will be able to crack any cryptography (crack passwords to an email account, for example) in a fraction of a second.

These two waves are heading our way, and we must either ride them or they will sweep us away as a country.

I believe the main challenges of the future will revolve around the confrontation between AI and AI on opposite sides of the divide. Our task is to teach people how to use AI effectively and interact with it. We need to invest in training staff and refining AI models and infrastructure so as not to fall behind.
