Ukraine War, Cyber and Electromagnetic Activities

Sub Title : CEMA continues to play a major role in deciding the outcome of the military operations

Issues Details : Vol 16 Issue 1 Mar – Apr 2022

Author : Maj Gen Harvijay Singh, SM (Retd)

Page No. : 34

Category : Geostrategy

: March 31, 2022

Marcus Willett, Senior Advisor Cyber at the International Institute for Strategic Studies, London has stated that  ‘One thing is clear: the marriage of cyber and kinetic warfare has been consummated’.  However, EW activities in Ukraine 2022 have been rather mild as compared to expectations. High-end, multidomain attacks are missing so far. The tempo could increase if and when the forces join into a more intense conflict and Russia decides on a manoeuvrist approach rather than be confined to roads in slow moving convoys

Russia’s land war in Ukraine is in some ways an extension of its long running Cyberspace war against the country.

  • In 2013, during mass protests against Ukrainian president Viktor Yanukovych for ending of the EU association agreement, private institutions and the government systems were hacked presumably by Russian hackers.
  • Russian Cyberwarfare heightened on 23 Dec 2015 with hacking of the Ukraine Power Grid resulting in power outages. This was the first successful Cyber Attack on a Power Grid.
  • In Dec 2016, the State Treasury was hacked and paralysed. Consequently, workers and pensioners were unable to receive their salaries on time.
  • The NotPetya Malware on 27 June 2017 swamped websites of Ukrainian banks, ministries, newspapers and electricity firms. There was a spill over of these attacks to other European countries, USA and Australia. It became the largest known Cyber Attack ever.
  • Leading up to the war, on 14 Jan 2022, a day after US-Russian negotiations on Ukraine’s future in NATO failed, a cyberattack took down more than a dozen of Ukraine’s government websites. The attack on Ukrainian websites included a warning to “be afraid and expect the worst”.
  • On 15 Feb, another cyber-attack took down multiple government and bank services.

This time, unlike in 2017, the Russians will avoid a spill over to avoid escalation of the Cyberwar. The chances of a Cyber World War happening are much greater than a Kinetic World War. NATO whilst bracing for attacks across its physical borders must prepare appropriately for breaches in the cyber domain.

Ukraine secure under the promise of NATO protection was a late starter. They have now deployed a government-led volunteer Cyber unit that is designed to operate offensively. They have launched a few DDoS attacks against Russian websites, infrastructure businesses, such as energy giant Gazprom, banks, government websites. On 27 Feb 2022 it targeted websites registered in Belarus. However, this is not a regular trained and coordinated group. These Ukrainian novices can create havoc with unplanned, uncoordinated OT attacks. Their aggressiveness can spill over to critical structures on both sides with unmanaged consequences; Cyber when used as a weapon needs to be cautiously handled to a plan by specialists.

Global Cyberwar

Two iconic historic cyberweapons that have been developed are the Stuxnet and the NotPetya. Presumably, the  USA developed Stuxnet and the NotPetya has been developed by the Russians. Both malwares escaped from their assumed targets into the wider world. This was probably accidental – but similar accidents could lead to wider implications during a period of global geopolitical tensions as NOW.

Cyber-attacks: Complexity

  • Are very complex operations.
  • Start with Measures like Phishing, planting of Malware and seizing of Supervisory Control and Data Acquisition (SCADA).
  • These initial and other Advanced Persistent Threats (APT) help specialists pursue their targets, mapping them for the right moment.
  • Simultaneously and selectively Cyber-attacks may be launched – disabling/destroying IT infrastructure components (UPSs, modems, RTUs, etc), destruction of files stored on servers and workstations and Distributed Denial-of-Services (DDoS) attacks.

Pre-War Cyber Softening and Electromagnetic Activities

  • As Russia was gearing up for its Kinetic Attacks, Ukrainian government websites were hacked in Jan/Feb 2022 and defaced with messages suggesting the DDoS attack was in response to the country’s pro-Western stance. They used new and destructive malwares: Whisper Gate and Hermetic Wiper; wipers disguised as ransomware to corrupt local disks by overwriting the Master Boot Record (MBR).
  • An interesting contemporary technique of monitoring GPS radiofrequency interference gives excellent surveillance inputs: it signals impending military activity. Leading up to the Russian invasion, American geospatial analysis companies reported continual and increasing GPS interference in Donbas. Russians were jamming space-based assets using a Russian R-330Zh Zhitel EW system.
  • The disinformation war is ongoing with the Russian aggression preceded by propaganda and manipulation of opinions. The rest of the world has responded likewise to make Russia appear as a dangerous and violent aggressor. The Russians call it Reflexive Control: A means of conveying to an opponent specially prepared information to incline him to voluntarily make predetermined desired decisions. The West prefer to call it Perception Management; they may start calling it Perception Controlling when it involves the leadership.

Theme: Russia’s Disinformation Narrative

The theme has had a deliberately deceptive narrative to convince a population that the narrative is in the absolute truth. Disinformation becomes very dangerous when facilitated by a far-reaching distribution means – the Social Media. Some bits of Russia’s disinformation narrative:

  • Ethnic Russian minorities are suppressed in Ukraine and EU-countries; Xenophobic Russophobes.
  • The West is always trying to limit Russia’s global influence and power; diktat rather than dialogue.
  • Russia is a superpower and has the right to influence. The ‘objective’ sphere of its influence is the Commonwealth of Independent States (CIS); the west seeks Geo-Political Adventurism close to Russian Borders.
  • The western individualism is destructive; plotting ‘colour revolutions’ across CIS, Asia and Africa.
  • Collective consciousness is the traditional form of consciousness for Russians, the Russian Orthodox Church is the only right religion. Morality is dying in the West; the decaying west.

Ukraine’s  Social Media Campaign.

President Volodymyr Zelenskiy’s is leading Ukrainian social media campaign simply using his mobile phone. His posts have led to the launch of the popular hashtag #STANDWITHUKRAINE, which has helped spread awareness about the war; the impact is global when he praises his fighters or seeks military aid. Weaponizing the social media is here to stay.

Electronic Warfare (EW)

Every modern high tech weapon system is a dud without access to spectrum as per Jan Kallberg, a scientist at the Army Cyber Institute. While these are early times to analyse the success of EW operations, contemporary EW capabilities are discussed.

  • Ukraine manufactures a wide range EW equipment, its Armed forces may have acquired and fielded some of these and improved on their legacy systems. Chances are that they are very few in numbers to make any noticeable impact. This state is similar to their Tanks. Ukraine has the largest number of Tanks in Europe – all obsolete, lacking adequate protection, outgunned and no match to the Russian Tanks.
  • Ukraine has developed the Bukovel-AD anti-UAV system, to counter the Orlan-10 UAV of Russia. Bukovel-AD detects UAVs at 100 km, effective range of up to 50 km. Its Radio Frequency countermeasures interfere with the datalink between the UAV and its Ground Control Station (GCS). It can jam the Global Positioning System (GPS) and Global Navigation Satellite System (GLONASS) control and navigation signals, with a maximum suppression range of 16 km. During the Russian troops build-up, Bukovel-AD was deployed in Donbas and tested against the Russian UAV Orlan-10, which is a is a medium-range, multi-purpose UAV. It is capable of aerial reconnaissance, observation, monitoring, search and rescue, jamming, detection of radio signals, and target tracking in hard-to-reach terrains.
  • Frequent use of UAVs by Russian-backed rebels in Donbas was the driver behind development of the Nota EW system, designed for perimeter protection, detecting and jamming UAVs at a range of 20 km. The system also has the ability to jam cellular communications within 1 km. It is intended to operate predominantly in a stealth mode and commence jamming only upon the detection of a threat. In addition to its anti UAV role, Nota also has the capability to detect RF signals – GSM, VHF, LTE, and CDMA – radar emission in the L, S, C, and X frequency bands, and the GPS, GLONASS, and BeiDou satellite systems. It apparently is a very versatile equipment.
  • The Mandat-B1E R-330UM is intended for cancellation of ground communication channels with both fixed and programmable frequency-hopping, regardless of the type of modulation used, with speeds up to 1000 hops per second within HF and UHF frequency bands. Selective jamming (both on time and frequency) as well as barrage jamming to disrupt and jam all previously detected frequencies.
  • The Anklav system has the ability to jam and interfere with the control and telemetry channels used by precision-guided munitions – and UAVs in the 400–2,500 MHz frequency range. It has a range of up to 40 km using directional antennas, and up to 20 km with omnidirectional antennas. It has reportedly been effectively used in Donbas.
  • Russia has used EW technologies in recent years in combat in Syria and the Donbas region in eastern Ukraine.
  • Russian doctrine favours rapid employment of EW to paralyze and disrupt the enemy early in a conflict. There was an expectation that the Russian invasion of Ukraine would follow in the wake of a massive EW attack from the start. Nothing really noticeable has however happened so far. There may be many reasons but some that appear logical at this stage are as under:
  • The Russians perhaps underestimated Ukrainians resistance / overestimated their own abilities. They joined the battle without EW assets and now it may be too late to integrate them with their road bound extended moving/stationary military columns. Simply owning EW hardware is not enough. Operational integration requires planning, coordination, and training. Commanders have to develop these instincts as a part of their Operational Art learning and plan.
  • The Ukrainian Army is likely to be operating decentralized with paramilitaries and armed civilians thrown in. Not many useful Command and Control and other telemetry targets will be available for conducting EW by the Russian forces.
  • Russian EW systems and concepts are tuned towards massed and integrated armies. Unlike the Indian Army, they have not operated in a CI environment and have little experience of targeting isolated and individual targets.
  • Fearing a wider conflict with NATO, the Russians do not want to expose the electromagnetic signatures of their EW equipment or tactics at this stage of the war.


Conclusively, EW activities in Ukraine 2022 have been rather mild as compared to expectations. High-end, multidomain attacks are missing so far. The tempo could increase if and when the forces join into a more intense conflict and Russia decides on a manoeuvrist approach rather than be confined to roads in slow moving convoys. Looking back from the 2014 invasion of Crimea and the conflict in Donbas it abundantly clear that UAVs and Space Based Assets and their electronic countermeasures have a big role to play in all future war.