Mobile Networks and Cyber Operations Enabling Drone Warfare in the Russia–Ukraine Conflict
Ukrainian hacktivists linked to the Fenix cyber analytics center, supported by InformNapalm, reported compromising accounts belonging to dozens of Russian military personnel and gaining access to monitoring systems used by Russian attack-drone operators. The operation allegedly enabled covert, near real-time surveillance of drone-operator activity and the transfer of collected data to Ukrainian Defense Forces, and it was cited in reporting around Ukraine’s decision to sanction Belarusian leader Alyaksandr Lukashenka over Belarus’s role in enabling Russia’s use of repeater infrastructure on Belarusian territory to extend UAV control and expand strike reach into northern Ukraine, including against energy and rail targets.
Separately, Dutch intelligence services (AIVD/MIVD) warned that Russia is intensifying a broader hybrid warfare campaign across Europe—combining cyberattacks, sabotage, disinformation, covert influence, and espionage—to undermine public trust and weaken support for Ukraine while staying below the threshold of open war. In parallel, telecom-focused research highlighted how public mobile networks are increasingly being used as command/telemetry links for combat drones, citing examples from the Russia–Ukraine war and describing how 4G/5G standards work (e.g., 3GPP enhancements in Releases 15–18) has made cellular-connected UAV operations more feasible—raising infrastructure-security concerns for mobile operators and national critical infrastructure.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
11 events from the most recent confirmed update back to the earliest known activity.
Zelenskyy sanctions Lukashenka over Belarus's support for Russian UAV operations
On February 18, 2026, Ukrainian President Volodymyr Zelenskyy imposed sanctions on Belarusian leader Alyaksandr Lukashenka, citing Belarus's role in enabling Russia's war effort, including support for attack UAV operations.
Compromised Russian drone operators are covertly monitored
During the cyber operation disclosed in 2026, Ukrainian hacktivists allegedly maintained round-the-clock surveillance of Russian attack drone operators and rapidly passed collected intelligence to Ukrainian Defense Forces.
Ukraine-linked hacktivists begin months-long operation against Russian drone operators
Over a months-long campaign in 2025, hacktivists from the Fenix cyber analytics center, with InformNapalm volunteers, allegedly compromised accounts of dozens of Russian military personnel and accessed systems used by attack drone operators.
Russia deploys UAV repeater systems in Belarus
In the second half of 2025, Russia reportedly deployed repeater systems in Belarus to control attack UAVs, extending strike reach into northern Ukrainian regions including areas from Kyiv to Volyn.
Russian authorities increase temporary mobile shutdowns after airfield attack
Following the June 1, 2025 strike, Russian authorities reportedly expanded temporary mobile network shutdowns, suggesting recognition that cellular networks were being used as a drone-control channel.
Ukrainian strike hits five Russian airfields using mobile-connected drones
On June 1, 2025, Ukraine reportedly carried out a drone strike on five Russian airfields using public mobile connectivity for telemetry, command, and imagery during the operation.
Russian drone operations expand cellular use to video and command links
By 2024, Russian forces had reportedly broadened their use of mobile connectivity from telemetry to include video transmission and command-and-control for drones.
Russian forces begin observed experimentation with cellular-linked drones
From late 2023, Russian drone use over Ukraine was reportedly observed incorporating public mobile networks, initially for telemetry functions.
Ukraine reports SIM-based drone telemetry and activation incidents
By mid-2023, public reporting from Ukraine cited incidents in which drones used SIM-based connectivity for telemetry or activation, indicating early wartime use of mobile networks in drone operations.
3GPP starts standardizing mobile-network support for drones
Through 3GPP Releases 15 through 18, the mobile industry developed standards for using cellular networks with drones, advancing capabilities for telemetry, command, and data links.
Telecom industry begins cellular drone connectivity trials
In the mid-2010s, telecom vendors and standards bodies began exploring how public mobile networks could support drone communications, laying groundwork for later battlefield use.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
Ukrainian hackers uncover how Russian drone operators are using Belarus - DataBreaches.Net
databreaches.net
Open sourcePublic mobile networks are being weaponized for combat drone operations - Help Net Security
helpnetsecurity.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Rising Drone Threats to Military and Critical Infrastructure in Europe
The UK Ministry of Defence reported a sharp increase in **drone sightings near British military bases**, citing **266 incidents** last year versus **126 in 2024**, and linked the trend to concerns about hostile reconnaissance of sensitive defence sites, including airbases used by the **US Air Force**. In response, the UK government is moving to expand authorities under the **Armed Forces Bill** so designated military personnel can directly intervene against threatening uncrewed systems—covering **air, land, and submersible drones**—without first requiring police involvement. In Ukraine, **SpaceX and Ukrainian authorities** implemented an **emergency measure** to disable **unauthorized Starlink terminals** being used to control Russian long-range drones, following reports that Russia continued leveraging Starlink-enabled connectivity for strikes deeper inside Ukraine. Ukrainian officials characterized the action as a temporary fix that may also disrupt some legitimate users, while SpaceX and Ukraine pursue a more durable approach to prevent unauthorized use of the satellite service in contested environments—highlighting how **commercial communications infrastructure** is being exploited as part of drone-enabled warfare and broader hybrid threats across Europe.
Mar 21, 2026
Escalating Russian Hybrid Warfare and Policy Responses in Europe
New analysis warns Russia is likely to escalate its opportunistic hybrid activity in Europe into a more coordinated campaign consistent with **New Generation Warfare (NGW)** doctrine, integrating cyber operations, influence activity, and sabotage across a broader geographic footprint and at higher tempo. The assessment anticipates more synchronized, multi-domain actions designed to degrade NATO cohesion and readiness—such as pairing physical disruption (for example, airspace violations affecting critical infrastructure like airports) with cyberattacks (for example, **DDoS** against communications) to amplify operational and psychological impact. Ukrainian officials are simultaneously pushing for tighter regulation of **Telegram**, citing its repeated use by Russian intelligence to recruit locals for sabotage and terrorist attacks; the calls followed a deadly incident in Lviv that Ukrainian leadership attributed to Russia and said involved recruitment via Telegram. Separately, polling across major NATO countries indicates strong public support for treating severe hybrid actions—such as cyberattacks that shut down hospitals or power grids and sabotage of undersea cables or energy pipelines—as **acts of war**, highlighting a growing gap between public sentiment and NATO governments’ typically restrained responses to hybrid aggression.
Mar 21, 2026
Russian-Linked Cyberattacks Hit Ukraine and Spill Into Wider European Targets
Ukrainian government, military, banking, and energy targets were repeatedly disrupted by cyber operations tied to Russia and the war around Ukraine. Reports describe attacks on a Ukrainian power station, outages affecting the websites of Ukraine’s defense ministry and major banks, and broader disruptive activity against the country’s financial sector. The UK government later said technical analysis by the National Cyber Security Centre assessed that Russia’s **GRU** was almost certainly involved in the February 2022 distributed denial-of-service attacks on Ukrainian banking targets, framing the incidents as part of continued Russian aggression. The campaign also expanded beyond Ukraine through both state-linked and pro-Russian actors. **Killnet**, a Russia-aligned hacktivist group, claimed retaliatory **DDoS** attacks on Lithuanian government and business websites after restrictions affecting transit to Kaliningrad, while other reporting said Russian-backed actors continued destructive operations against Ukraine, including **wiper malware** and attempted power-grid attacks. At the same time, pro-Ukrainian hackers mounted hack-and-leak operations against Russian institutions, underscoring how the conflict evolved into a broader regional cyber confrontation affecting governments, critical infrastructure, and financial services.
May 25, 2026