Cyber warriors are preparing to defend Ukraine
24 March 2025 09:42
The Parliamentary Committee on National Security, Defense, and Intelligence recommended that the Verkhovna Rada of Ukraine adopt in the first reading the draft law “On the Cyber Forces of the Armed Forces of Ukraine” (12349). This was reported following a committee meeting, according to
As stated in the explanatory note to the draft law, the purpose of the law is to create a military and technical organizational structure within the Armed Forces of Ukraine in accordance with NATO standards, which will be responsible for Ukraine’s cyber defense, protection of its sovereignty and territorial integrity in cyberspace.
How the Armed Forces Cyber Forces will function
The Cyber Forces will become a separate structure within the Armed Forces and will perform specialized tasks in the field of cybersecurity. They will operate under the direct military command of the Commander-in-Chief of the Armed Forces of Ukraine.
The peculiarity of this structural unit of the Armed Forces of Ukraine is that the Cyber Force will temporarily – for the period of relevant cyber deterrence measures – be able to involve a civilian component – cyber reservists.
Cyber reservists are a trained human resource formed of Ukrainian citizens who have the necessary knowledge, training and skills to plan and perform specific cyber defense tasks, ready for rapid deployment to the Cyber Forces of the Armed Forces of Ukraine. Unlike conscripts, persons liable for military service and reservists, the status of a cyber reservist does not require the mandatory acquisition of military service status to join the ranks of the Cyber Forces of the Armed Forces of Ukraine, and may be periodic and temporary.
Who is currently countering cyber threats in the Defense Forces
The Cyber Incident Response Center, a new separate structural unit responsible for cyber defense in the Ministry of Defense, was established in October last year. According to the ministry, the Center’s personnel will monitor and respond to cyber incidents around the clock.
Prior to that, the cybersecurity team operated at the Ministry of Defense’s Center for Innovation. The separation into a special structural unit allowed to expand the area of responsibility in the field of cyber defense.
In the same month, the General Staff of the Armed Forces of Ukraine announced plans to create a Cyber Force within the structure of the Armed Forces of Ukraine. The draft concept of creating the Cyber Force as a separate branch of the Armed Forces was then discussed by representatives of the Ukrainian Defense Forces, members of the Verkhovna Rada Committee on Security, Defense and Intelligence, and experts.
As you know, Ukraine also has a Governmental Computer Emergency Response Team (CERT-UA) . It operates as part of the State Service for Special Communications and Information Protection of Ukraine.
Its tasks include accumulating and analyzing data on cyber incidents, maintaining a state register of cyber incidents; providing owners of cyber security facilities with practical assistance in preventing, detecting and eliminating the consequences of cyber incidents in relation to these facilities; interacting with Ukrainian computer emergency response teams, as well as other enterprises, institutions and organizations, regardless of ownership, that carry out activities related to cyberspace security, etc.
What cyber threats does Ukraine have to respond to?
Cyberattacks on military personnel, government agencies and local governments remain in trend, but their main target is more often a person who has access to such systems. This observation was shared by experts of the State Special Communications Service in a recent report “Russian Cyber Operations”.
“The main tools of cyber espionage are phishing and malware infection, and the weakest link in this case is a person,” the report says.
As noted, most corporate email servers use security tools, so hackers are increasingly refusing to send malware to victims’ mailboxes and preferring to attack through other means of communication. This is where messengers, which are also used by a large number of military personnel, come in handy.
Having enough information about the person and contact phone number, hackers impersonate others and start communicating with the future victim, usually using Signal.
During cyberattacks on military personnel, hackers also hijack messenger accounts to further spread spyware and phishing to compromise as many users as possible.
It is noted that voting in messengers has become a new way to hijack accounts. WhatsApp and Telegram messengers are very popular among Ukrainians. That’s why these messengers are in the crosshairs of Russian hackers.
A few days ago, the government’s computer emergency response team CERT-UA recorded multiple cases of cyberattacks aimed at employees of Ukraine’s defense industry and the military.
As CERT-UA noted at the time, in March 2025, the Signal messenger revealed the facts of the distribution of messages with archives, which allegedly contained a report on the results of the meeting. At the same time, in some cases, to increase confidence, messages could be sent from people from the list of existing contacts whose accounts had been compromised in advance.
