NATO Intel, Big Tech and Cyber War on Russia via Ukraine

Sputnik International

Russia’s information infrastructure has become a primary target in what can aptly be described as a coordinated cyber campaign involving US and NATO intelligence services, major Western tech corporations, and Ukrainian hacker groups.

Since the 2010s, NATO members have been reshaping Ukraine’s cyberwarfare units through specialized funding programs, most notably the ‘NATO Trust Fund Ukraine – Command, Control, Communications and Computers’ initiative. Participating nations include the US, UK, Canada, Lithuania, Estonia, Poland, Romania, Croatia, and the Netherlands. Big Tech in the LoopAfter the start of Russia’s Special Military Operation, Google — operating under the patronage of US intelligence agencies — intensified its work aimed at destabilizing Russia. Tools like Google Global Cache have been used for geospatial and technical reconnaissance, monitoring the Russian segment of the internet, and probing the country’s telecommunications channels. In February 2024, for example, malicious activity traced to Google Global Cache equipment in Russia targeted the ‘Games of the Future’ international physical and cyber sporting event in Kazan. Google, Microsoft, Apple, Facebook*, Amazon, and other IT giants have also provided infrastructure to bypass Russian IP blocking, host malicious software, and distribute attack instructions. ‘IT Army of Ukraine’ Central to the anti-Russia cyber campaign is the so-called IT Army of Ukraine — an umbrella network of roughly 130 hacker groups (100,000–400,000 participants) coordinating via Telegram, an informed source told Sputnik. These groups, including KibOrg, Muppets, NLB, UHG, and others, work alongside Ukraine’s Security Service (SBU), Armed Forces cyber units, and foreign partners. Platforms such as Hacken OÜ (Estonia), Hetzner (Germany), DigitalOcean (U.S.), and sites like War.Apexi and Ban-Dera.com are used to facilitate mass DDoS attacks. Israel’s notorious cyber Unit 8200 has reportedly also fostered cooperation between the IT Army and Israeli cybersecurity firms including Matrix IT Ltd, Check Point Software Technologies Ltd, and Covertrix.Fraudulent Call Centers Over 1,000 fraudulent call centers operate in Ukraine, employing more than 100,000 people. This includes around 500 such centers in the city of Dnepropetrovsk (Dnepr) alone. Over 90 percent of scam calls target Russian citizens and institutions, with losses running into the billions of rubles. These operations have also expanded against Western targets, with authorities in Hungary, the Czech Republic, Canada, and others reporting massive financial damage in recent months.Direct Coordination With NATOFrom November 2021 to February 2022, on the eve of the current conflict, under the Hunting Forward program, US Army Cyber Command teams deployed in Ukraine to gather intelligence on foreign cyber tactics and prepare network attacks against Russia. Since 2022, several hundred U.S. Cyber Command personnel have rotated through Ukraine, coordinating operations with NATO cyber centers, the Pentagon’s Chief Digital and AI Office, and Ukrainian military cyber units. In June 2022, General Paul Nakasone, the then-head of US Cyber Command, admitted to Sky News that the US was conducting offensive cyber operations against Russia in support of Ukraine. "We've conducted a series of operations across the full spectrum; offensive, defensive, [and] information operations,” he said.Several months earlier, during testimony before Congress in April 2022, Nakasone revealed that the US had deployed a cyber hunt team “who sat side-by-side” with Ukrainian hackers during cyber operations against Russia.At the Cybersec Forum in Katowice, Poland in May 2022, Ukraine’s Minister of Digital Transformation Mykhailo Fedorov and the IT Army were publicly honored for their “heroic resistance” and “defense of the digital borders of the democratic world.” In June 2022, Maxim Buyakevich, Russia’s deputy permanent representative to the OSCE revealed the extent of the massive, coordinated US Cyber Command/Ukrainian cyberwarfare campaign against Russia, targeting a host of infrastructure, including Russian Railways (logistics), the energy sector (attempted attacks on power grids), media (large-scale DDOS attacks and attempted hacks), state institutions and companies, from Yandex and Sberbank to Gazprom, Lukoil, and an array of Russian airlines. The FSB reported the same month that large scale hack attacks originating from US-based servers (AWS, Cloudflare) were being carried out from Kiev and Lvov under US guidance. Citing Ukrainian Minister of Digital Transformation Mykhailo Fedorov’s brag to El Pais about the mobilization of a 300,000 member-strong “cyberarmy” to fight Russia, Buyakevich warned that these hackers’ activities are designed to “disrupt the functioning of government agencies and healthcare, transport, financial and energy sector enterprises,” in effect “encouraging technological terrorism.” Ukraine, he said, opened a new “cyber front” to the conflict which would not have been possible without external technical and long-term planning assistance. Attacks have continued ever since, with Ukrainian hackers attempting to target Russian oil and gas companies several times over the past three months alone. Russian Foreign Ministry spokeswoman Maria Zakharova has repeatedly charged Western intelligence services and US Big Tech of using Ukraine as a springboard for cyberwarfare against Russia. In March, she reiterated that the Special Military Operation has been accompanied by “a full-scale anti-Russian campaign using information and communication technologies for military and political purposes,” and cited the operation of NATO and intel advisors in Kiev and Lvov, used to “coordinate” the Kiev regime’s actions in a digital environment. Cyber Conflict That Goes Back to Before the Kinetic One “Actually, the US Cyber Command has been working with Ukraine, as well as the Baltic states and the countries of the former Yugoslavia since 2018, according to their own website,” Karen Kwiatkowski, a former DoD insider, analyst and retired Us Air Force Lt. Col., told Sputnik. This has been “presented as simply forward awareness of ‘enemy’ tactics and capabilities in the cyber sphere,” as well as “hardening the defensive capabilities” of US client states. In reality, “what we have here is a Trojan horse of cyber defense that in fact carries within it a full cadre of cyber offense,” Kwiatkowski emphasized.As confirmation of aggressive US cyber activities, Kwiatkowski recalled the February 2025 order by Pentagon chief Hegseth to temporarily “halt” offensive cyber operations against Russia. “Likely this was part of the early attempts to find out what the Pentagon was doing, not intended or effective in ending such offensive activities,” Kwiatkowski believes. “Clearly, the US military, and presumably the CIA with it, was (and is) developing plans for internal manipulation and destruction of Russian networks and systems.” * Facebook owner Meta is banned in Russia for extremism.

