Hızlı Bağlantılar

Hakkımızda

TR EN

PhD Dissertation:Nasim Tavakkoli, Evaluating the Impact and Strategic Role of Cyberwarfare in the Russia–Ukraine War

Evaluating the Impact and Strategic Role of Cyberwarfare in the Russia–Ukraine War

 

 

Nasim Tavakkoli
Cyber Security, PhD Dissertation, 2025

 

Thesis Jury

Prof. Erkay Savaş (Dissertation Supervisor)

Prof. Albert Levi

Assoc. Prof. Cemal Yılmaz

Prof. Kemal Bıçakcı

Prof. Suat Özdemir

 

 

Date & Time: December 19th, 2025 –  4:00 PM

Place: FENS L061

 


Keywords : Cyberwarfare, Cyberattacks, Cybercrime, Russia–Ukraine cyberwar, Cyber threat intelligence

 

 

Abstract

 

The Russia–Ukraine conflict, which began in 2022, has unfolded primarily on the physical battlefield. However, the conflict has taken place not only on traditional battlefields but also in cyberspace, making it one of the unique realworld examples of hybrid warfare in recent history. This dissertation presents a comprehensive analysis of cyberattacks throughout the Russia-Ukraine conflict, aiming to understand how these operations have evolved over time. The primary focus is given to examining the target preferences, attack techniques, and behavioral patterns of the actors involved. To this end, the research begins by examining the victims of DDoS attacks during the first year of the conflict to uncover the potential factors influencing their selection as targets. The second phase of the research adopts a broader perspective, examining the overall evolution of cyber operations in the Russia–Ukraine conflict from February 2022 through the first quarter of 2025. The analysis reveals that most cyberattacks during the Russia–Ukraine conflict were strategically motivated rather than direct responses to battlefield events. Attack intensity peaked early in the conflict and declined over time as priorities shifted. Findings demonstrated distinct behavioral patterns between pro-Ukrainian and pro-Russian groups. Ukrainian hacktivist activity decreased after the first year, while established Russian groups continued to maintain persistent operations. Russia maintained a higher and more sustained level of cyber aggression, extending operations beyond Ukraine to allied nations. The most commonly employed attack types included phishing, malware, disinformation, and DDoS, with many DDoS targets lacking DDoS protection and failing to implement improvements afterward. Destructive operations were more common early in the war but gave way to long-term espionage and disinformation. Attackers repeatedly exploited both known and zero-day vulnerabilities across numerous systems. Government, military, NGO, media, business, finance, and travel sectors were among the most frequently targeted. Overall, the findings illustrate how cyber operations evolved during a hybrid modern warfare.