Cyberspace has become a full-fledged battlefield in the confrontation between Russia and the West. Well beyond Ukraine, Moscow is deploying a strategy of attrition and destabilization, aiming less at destruction than at the gradual erosion of confidence in European and Atlantic institutions. A conflict that is diffuse, permanent and largely below the threshold of armed war.
Cyberspace as a revealer of contemporary changes in war
The war in Ukraine has emerged as a powerful indicator of contemporary transformations in military art. Drones, real-time intelligence, precision strikes, accelerated integration of the civil and military spheres: this conflict, which has now lasted almost four years, acts both as an operational laboratory and as a brutal accelerator of innovations. Cyberspace is no exception. Long perceived as a simple technical aid, it now appears as a battlefield in its own right, governed by its own doctrines, its hierarchies of targets and its specific temporality.
Recent analyzes by the Henry Jackson Society, combined with Western strategic debates, highlight the coherence of a Russian cyber strategy which goes far beyond the Ukrainian theater and is part of a long-term confrontation with Europe and the Atlantic Alliance.
Cyber as a political and psychological multiplier
Moscow sees cyber as a political and psychological multiplier. The primary purpose of a cyberattack is not to destroy, but to weaken. It aims to introduce doubt into the functioning of institutions, to disrupt the continuity of essential services and to create lasting uncertainty regarding the capacity of the State to protect its citizens. In this logic, the border between peace and war becomes deliberately blurred.
A non-binary conception of conflict
This approach is part of a non-binary conception of war. For Russia, there is no clear break between times of peace and times of conflict, but a continuum of confrontations in which states constantly measure each other by political, economic, informational and technological means.
Cyberspace constitutes, in this context, a tool particularly suited to the conduct of a conflict located below the threshold of armed confrontation. It makes it possible to act without escalating, to disrupt without destroying, to test adverse reactions and to maintain constant strategic pressure without triggering a direct military response. Cyberattacks, influence operations and digital intrusions are therefore not exceptional ruptures, but ordinary instruments of Russian power policy. Conflict becomes diffuse, permanent and reversible, making the classic distinction between war and peace which still largely structures Western strategic thought increasingly ineffective.
Ukraine as a strategic laboratory for cyber conflict
Since 2014, Ukraine has been a strategic laboratory for this approach. Cyberattacks have accompanied the armed phases of the conflict, sometimes upstream, sometimes in parallel, often downstream.
In December 2015, a coordinated attack against several Ukrainian electricity operators caused the first power outage attributed to a state cyber operation. A year later, a new offensive against kyiv’s electricity grid confirms Russia’s ability to penetrate and disrupt critical infrastructure without causing lasting collapse.
NotPetya: disguised sabotage and plausible deniability
In 2017, the NotPetya attack, initially deployed via Ukrainian accounting software, paralyzed administrations, large national companies and banks before spreading globally. Presented as classic ransomware, it was quickly identified as a disguised sabotage operation.
Investigations by several Western services attribute the operation to the GRU’s Sandworm unit, while showing that the attack was distributed using tools, infrastructure and methods borrowed from the criminal ecosystem. The software posed as cyberextortion, with no real possibility of decryption, excluding any financial logic. The use of codes and vectors specific to cybercrime aimed to mask strategic intent and delay state attribution.
Cyber as a tool of attrition before and during the 2022 invasion
On the eve of the February 2022 invasion, waves of data erasure attacks are targeting Ukrainian ministries, administrations, banks and telecom operators. The objective is to disorganize the state apparatus, sow confusion and amplify the effects of conventional strikes.
These operations were aimed less at astonishment than at the progressive wear and tear of society and the breakdown of the will to resist. This cumulative strategy reveals a detailed understanding of the vulnerabilities specific to hyperconnected societies, where the continuity of digital services conditions both civilian resilience and military effectiveness.
The limits of Russian cyber strategy in Ukraine
The Ukrainian case, however, highlighted the limits of this strategy. kyiv’s resilience, supported by close international cooperation and the involvement of Western private actors, has reduced the effectiveness of the most ambitious attacks.
This resistance has led Moscow to broaden its scope of action and use cyber as a vector of indirect pressure on Ukraine’s supporters, foremost among which are the member states of the European Union and NATO.
The European Union as a field of indirect pressure
Within the European Union, Russia primarily targets states perceived as both politically hostile and strategically exposed. The Baltic countries, Poland and Germany appear to be favored objectives because of their military, industrial or logistical role in supporting kyiv.
The operations carried out against them favor discreet intrusions, prolonged phases of network reconnaissance and limited disruptions. This involves mapping critical dependencies, testing crisis procedures and sending political signals without crossing the threshold of open escalation.
Calibrated attacks: Lithuania, Germany, Poland
In Lithuania, in the summer of 2022, after the restriction of transit to Kaliningrad, denial of service attacks target railways and public institutions, temporarily disrupting services.
In Germany, intrusions affect industrial companies, energy suppliers and logistics providers linked to aid to Ukraine, with the objective of gathering information rather than sabotage.
In Poland, repeated attacks on rail systems and certain critical infrastructure accompany its role as a major logistics hub, combining cyberattacks and jamming. The common objective is not paralysis, but the demonstration of vulnerability and the creation of levers that can be activated in the event of a crisis.
United Kingdom and France: strategic preparation and erosion of trust
This logic is also observed in the United Kingdom and France, according to adapted methods. In the United Kingdom, intrusion attempts target administrations, research universities, defense companies and operators of essential services, with a view to mapping dependencies.
In France, operations attributed to actors linked to Russia target sectors with high social visibility — health, local authorities, public services. Even when they are qualified as cybercrime, these attacks take place in a strategic environment where the line between opportunistic crime and state action is deliberately blurred.
The objective is not irreversible destruction, but the gradual erosion of confidence in the capacity of the State to ensure the continuity of essential services. These actions are sometimes supplemented by information campaigns immediately exploiting the incident to transform a one-off technical vulnerability into a lasting political and symbolic crisis.
A controlled intimidation strategy
Poland constitutes a particularly revealing case of this logic. The logistical hub of Western support for Ukraine, it is regularly targeted by operations affecting transport, energy and central administrations, in a logic of controlled strategic intimidation.
Moscow, on the other hand, avoids actions that are too destructive, which would carry a risk of political and security escalation.
This strategy is part of historical continuity. In the 1970s, the Soviet Union indirectly supported armed and revolutionary movements in order to strike at Western interests while maintaining plausible deniability.
The contemporary use of cyber responds to a comparable logic. Attacks are rarely claimed and are often carried out by groups presented as criminals or patriotic hacktivists, maintaining confusion between state action and private initiatives.
Psychological wear and tear as a central objective
Like terrorism indirectly supported by the USSR, Russian cyberoperations aim less at military victory than at psychological attrition, internal polarization and the delegitimization of institutions. Faced with a risky conventional balance of power, Moscow favors indirect tools capable of circumventing traditional deterrence.
Strategic issues for Europe, France and NATO
In this context, the challenge for the European Union, France and NATO is not only technological. It is fundamentally political and strategic. Cyber defense must be thought of as a central component of sovereignty and strategic credibility.
The protection of critical infrastructure, coordination between states and private actors, as well as the ability to attribute and respond proportionately to attacks, now constitute pillars of collective security. The main lesson is clear: cyberspace is a field of permanent conflict, a structuring instrument of a long-term confrontation between Russia and European countries.
 "Trent Williams and San Francisco 49ers Agree to Million Deal")
