NATO Intelligence, Big Tech, and the Cyber War Against Russia Through Ukraine
19:10 11.08.2025 (Updated: 19:23 11.08.2025)
© REUTERS
Subscribe
Russia's information infrastructure is now a main target in what can be aptly described as a coordinated cyber campaign. This effort involves US and NATO intelligence agencies, major Western technology companies, and Ukrainian hacker groups.
In US and NATO strategic documents, Russia is designated as the "primary threat" in the information space, a notion that, according to French journalist Laurent Brayard based in Donbass, "has roots stretching far into the past." These maneuvers were orchestrated by the CIA and numerous other entities, Brayard noted in an interview with Sputnik Africa.
Since the 2010s, NATO members have been reshaping Ukraine’s cyberwarfare units through specialized funding programs, most notably the ‘NATO Trust Fund Ukraine – Command, Control, Communications and Computers’ initiative. Participating nations include the US, UK, Canada, Lithuania, Estonia, Poland, Romania, Croatia, and the Netherlands.
According to Brayard, as early as 2018, Russian hackers published documents exposing the activities of psychological and cyber warfare centers established in Ukraine with the involvement of US specialists.
"Back in 2018, these centers had already been operational since the post-Maidan period. This is an established, proven fact—the documents were irrefutable. In March 2022, Russia struck some of these centers, which are undoubtedly military targets."
Big Tech in the Loop
After the start of Russia’s Special Military Operation, Google — operating under the patronage of US intelligence agencies — intensified its work aimed at destabilizing Russia. Tools like Google Global Cache have been used for geospatial and technical reconnaissance, monitoring the Russian segment of the internet, and probing the country’s telecommunications channels. In February 2024, for example, malicious activity traced to Google Global Cache equipment in Russia targeted the ‘Games of the Future’ international physical and cyber sporting event in Kazan. Google, Microsoft, Apple, Facebook*, Amazon, and other IT giants have also provided infrastructure to bypass Russian IP blocking, host malicious software, and distribute attack instructions.
The expert emphasizes that Western governments and their media remain silent about the direct involvement of NATO cybersecurity center personnel in coordinating attacks on Russian infrastructure.
"We know well that regarding Maidan, there are many facts implicating Germany and France as well. This is undoubtedly a covert war against Russia, and the archives will only be opened many years from now, but there are already plenty of traces. In particular, one can recall the destruction of the Nord Stream pipeline."
‘IT Army of Ukraine’
Central to the anti-Russia cyber campaign is the so-called IT Army of Ukraine — an umbrella network of roughly 130 hacker groups (100,000–400,000 participants) coordinating via Telegram, an informed source told Sputnik. These groups, including KibOrg, Muppets, NLB, UHG, and others, work alongside Ukraine’s Security Service (SBU), Armed Forces cyber units, and foreign partners. Platforms such as Hacken OÜ (Estonia), Hetzner (Germany), DigitalOcean (U.S.), and sites like War.Apexi and Ban-Dera.com are used to facilitate mass DDoS attacks. Israel’s notorious cyber Unit 8200 has reportedly also fostered cooperation between the IT Army and Israeli cybersecurity firms including Matrix IT Ltd, Check Point Software Technologies Ltd, and Covertrix.
The West not only turns a blind eye to cyberattacks against Russia but actively supports them.
"In fact, the funding and specialists are, of course, Western, coming from various countries. Moreover, since they control anti-Russian propaganda, Western media naturally play by their rules."
Fraudulent Call Centers
Over 1,000 fraudulent call centers operate in Ukraine, employing more than 100,000 people. This includes around 500 such centers in the city of Dnepropetrovsk alone. Over 90 percent of scam calls target Russian citizens and institutions, with losses running into the billions of rubles. These operations have also expanded against Western targets, with authorities in Hungary, the Czech Republic, Canada, and others reporting massive financial damage in recent months.
Direct Coordination With NATO
From November 2021 to February 2022, on the eve of the current conflict, under the Hunting Forward program, US Army Cyber Command teams deployed in Ukraine to gather intelligence on foreign cyber tactics and prepare network attacks against Russia. Since 2022, several hundred U.S. Cyber Command personnel have rotated through Ukraine, coordinating operations with NATO cyber centers, the Pentagon’s Chief Digital and AI Office, and Ukrainian military cyber units. In June 2022, General Paul Nakasone, the then-head of US Cyber Command, admitted to Sky News that the US was conducting offensive cyber operations against Russia in support of Ukraine.
"We've conducted a series of operations across the full spectrum; offensive, defensive, [and] information operations,” he said.
Several months earlier, during testimony before Congress in April 2022, Nakasone revealed that the US had deployed a cyber hunt team “who sat side-by-side” with Ukrainian hackers during cyber operations against Russia. At the Cybersec Forum in Katowice, Poland in May 2022, Ukraine’s Minister of Digital Transformation Mykhailo Fedorov and the IT Army were publicly honored for their “heroic resistance” and “defense of the digital borders of the democratic world.” In June 2022, Maxim Buyakevich, Russia’s deputy permanent representative to the OSCE revealed the extent of the massive, coordinated US Cyber Command/Ukrainian cyberwarfare campaign against Russia, targeting a host of infrastructure, including Russian Railways (logistics), the energy sector (attempted attacks on power grids), media (large-scale DDOS attacks and attempted hacks), state institutions and companies, from Yandex and Sberbank to Gazprom, Lukoil, and an array of Russian airlines.
The FSB reported the same month that large scale hack attacks originating from US-based servers (AWS, Cloudflare) were being carried out from Kiev and Lvov under US guidance. Citing Ukrainian Minister of Digital Transformation Mykhailo Fedorov’s brag to El Pais about the mobilization of a 300,000 member-strong “cyberarmy” to fight Russia, Buyakevich warned that these hackers’ activities are designed to “disrupt the functioning of government agencies and healthcare, transport, financial and energy sector enterprises,” in effect “encouraging technological terrorism.” Ukraine, he said, opened a new “cyber front” to the conflict which would not have been possible without external technical and long-term planning assistance.
Support for cyber aggression has become a new norm, already leading to global consequences, according to Brayard.
"They have crossed red lines and allow themselves to almost openly, sometimes even blatantly, gloat and applaud. We remember how, after the assassination of Daria Dugina, some in the West cheered, and it felt as though they were ready to award medals to the killers. This is deeply sad; it reflects an inverted system of values. In the 1970s and 1980s, such a thing would have been unthinkable in Europe, but now it is a reality."
Cyber Conflict That Goes Back to Before the Kinetic One
“Actually, the US Cyber Command has been working with Ukraine, as well as the Baltic states and the countries of the former Yugoslavia since 2018, according to their own website,” Karen Kwiatkowski, a former DoD insider, analyst and retired US Air Force Lt. Col., told Sputnik.
This has been “presented as simply forward awareness of ‘enemy’ tactics and capabilities in the cyber sphere,” as well as “hardening the defensive capabilities” of US client states. In reality, “what we have here is a Trojan horse of cyber defense that in fact carries within it a full cadre of cyber offense,” Kwiatkowski emphasized.
As confirmation of aggressive US cyber activities, Kwiatkowski recalled the February 2025 order by Pentagon chief Hegseth to temporarily “halt” offensive cyber operations against Russia.
“Likely this was part of the early attempts to find out what the Pentagon was doing, not intended or effective in ending such offensive activities,” Kwiatkowski believes. “Clearly, the US military, and presumably the CIA with it, was (and is) developing plans for internal manipulation and destruction of Russian networks and systems.”
Attacks have continued ever since, with Ukrainian hackers attempting to target Russian oil and gas companies several times over the past three months alone. Russian Foreign Ministry spokeswoman Maria Zakharova has repeatedly charged Western intelligence services and US Big Tech of using Ukraine as a springboard for cyberwarfare against Russia. In March, she reiterated that the Special Military Operation has been accompanied by “a full-scale anti-Russian campaign using information and communication technologies for military and political purposes,” and cited the operation of NATO and intel advisors in Kiev and Lvov, used to “coordinate” the Kiev regime’s actions in a digital environment.
*Facebook owner Meta is banned in Russia for extremism.
