Mobile Networks and Cyber Operations Enabling Drone Warfare in the Russia–Ukraine Conflict

Tags: drone warfare, mobile networks, drones, hybrid warfare, 5g, 4g, telecom, monitoring systems, command and control, surveillance, espionage
Updated February 21, 2026 at 03:03 PM (2 sources)

Ukrainian hacktivists linked to the Fenix cyber analytics center, supported by InformNapalm, reported compromising accounts belonging to dozens of Russian military personnel and gaining access to monitoring systems used by Russian attack-drone operators. The operation allegedly enabled covert, near real-time surveillance of drone-operator activity and the transfer of collected data to Ukrainian Defense Forces, and it was cited in reporting around Ukraine’s decision to sanction Belarusian leader Alyaksandr Lukashenka over Belarus’s role in enabling Russia’s use of repeater infrastructure on Belarusian territory to extend UAV control and expand strike reach into northern Ukraine, including against energy and rail targets.

Separately, Dutch intelligence services (AIVD/MIVD) warned that Russia is intensifying a broader hybrid warfare campaign across Europe—combining cyberattacks, sabotage, disinformation, covert influence, and espionage—to undermine public trust and weaken support for Ukraine while staying below the threshold of open war. In parallel, telecom-focused research highlighted how public mobile networks are increasingly being used as command/telemetry links for combat drones, citing examples from the Russia–Ukraine war and describing how 4G/5G standards work (e.g., 3GPP enhancements in Releases 15–18) has made cellular-connected UAV operations more feasible—raising infrastructure-security concerns for mobile operators and national critical infrastructure.

Related Stories

Rising Drone Threats to Military and Critical Infrastructure in Europe

The UK Ministry of Defence reported a sharp increase in **drone sightings near British military bases**, citing **266 incidents** last year versus **126 in 2024**, and linked the trend to concerns about hostile reconnaissance of sensitive defence sites, including airbases used by the **US Air Force**. In response, the UK government is moving to expand authorities under the **Armed Forces Bill** so designated military personnel can directly intervene against threatening uncrewed systems—covering **air, land, and submersible drones**—without first requiring police involvement. In Ukraine, **SpaceX and Ukrainian authorities** implemented an **emergency measure** to disable **unauthorized Starlink terminals** being used to control Russian long-range drones, following reports that Russia continued leveraging Starlink-enabled connectivity for strikes deeper inside Ukraine. Ukrainian officials characterized the action as a temporary fix that may also disrupt some legitimate users, while SpaceX and Ukraine pursue a more durable approach to prevent unauthorized use of the satellite service in contested environments—highlighting how **commercial communications infrastructure** is being exploited as part of drone-enabled warfare and broader hybrid threats across Europe.

1 month ago
Escalating Russian Hybrid Warfare and Policy Responses in Europe

New analysis warns Russia is likely to escalate its opportunistic hybrid activity in Europe into a more coordinated campaign consistent with **New Generation Warfare (NGW)** doctrine, integrating cyber operations, influence activity, and sabotage across a broader geographic footprint and at higher tempo. The assessment anticipates more synchronized, multi-domain actions designed to degrade NATO cohesion and readiness—such as pairing physical disruption (for example, airspace violations affecting critical infrastructure like airports) with cyberattacks (for example, **DDoS** against communications) to amplify operational and psychological impact. Ukrainian officials are simultaneously pushing for tighter regulation of **Telegram**, citing its repeated use by Russian intelligence to recruit locals for sabotage and terrorist attacks; the calls followed a deadly incident in Lviv that Ukrainian leadership attributed to Russia and said involved recruitment via Telegram. Separately, polling across major NATO countries indicates strong public support for treating severe hybrid actions—such as cyberattacks that shut down hospitals or power grids and sabotage of undersea cables or energy pipelines—as **acts of war**, highlighting a growing gap between public sentiment and NATO governments’ typically restrained responses to hybrid aggression.

3 weeks ago
Geopolitically Driven Cyber Activity and Hybrid Operations Escalate Across Europe and Major Events

Multiple reports describe an uptick in **state-linked and politically motivated cyber activity** in Europe, framed as part of broader **hybrid warfare**. Dutch intelligence (AIVD/MIVD) warned that Russia is intensifying a mix of cyberattacks, sabotage, disinformation, covert influence, and espionage designed to stay below the threshold of open conflict while testing Western red lines and undermining support for Ukraine. Related policy commentary notes growing calls from European and NATO officials for stronger “strike back” or offensive cyber capacity, but argues that political will and proportional response options—especially against proxy-driven sabotage—remain the limiting factors rather than technical capability. Separately, threat reporting tied to the **2026 Winter Olympics** indicates increased **hacktivist mobilization and targeting chatter** against Olympic-adjacent entities (e.g., transportation, sponsors, and overlapping supply chains), alongside continued targeting of the defense industrial base by a mix of hacktivists, state actors, and cybercriminals. A case study on Venezuela’s Caracas outage during “Operation Absolute Resolve” cautions against attributing major disruptions to “cyber-only” effects when available evidence also indicates substantial **kinetic/physical damage** to substations, underscoring that modern operations may integrate cyber and physical actions and that misframing can distort infrastructure security priorities.

3 weeks ago
