Ukraine’s Cybersecurity Has Become Part of Defense: Why the Enemy Is Targeting People Around the Army
Cybersecurity in Ukraine can no longer be perceived as a separate technical field where the main task is to protect a government website, a mail server, or a state database. The war has changed the very nature of cyber threats. If at the beginning of the full-scale invasion the enemy tried to paralyze infrastructure with mass attacks, then in 2025-2026 the main strike is increasingly aimed not directly at the system, but at the people around it.
The target becomes a soldier, a volunteer, a developer of defense software, a technical contractor, a work chat administrator, a local government employee, a doctor, an IT specialist, or a family member of a person connected to the army. The enemy is looking not only for a weak spot in code. It is looking for trust, fatigue, haste, the habit of opening files, using personal email, replying in messengers, and not verifying the interlocutor through another channel. That is why cybersecurity has become part of defense. It no longer ends with state systems. It covers the entire human and technological ecosystem around the army.
The Enemy No Longer Strikes Only Large Systems
In 2025, the national cyber incident response team processed 5,927 cyber incidents. This is 37.4% more than a year earlier. Partly, this indicates the growing activity of the enemy; partly, it reflects the improved ability of Ukrainian specialists to detect attacks. The largest number of strikes fell on local government bodies: 2,115 incidents, or 35.7% of the total. Government organizations recorded 1,170 incidents, the security and defense sector 1,039, and the energy sector 279. But the statistics alone are not what matters. The range of targets has noticeably expanded. Attention has grown toward the medical sector, IT companies, contractors, volunteer structures, and people who may have even indirect access to important information. This means that the enemy has changed the logic of attack. If a large structure is better protected, it does not have to be hacked directly. It is enough to find a weaker link nearby: a small team, a technical partner, a volunteer, an employee with access to documents, or a relative of a soldier.
The Individual Has Become the Main Entry Point
The most common method of attack in 2025 was the distribution of malicious software: 2,058 cases. The number of fraudulent emails and messages with dangerous links or files doubled over the year: from 843 to 1,727 cases. Almost a thousand infections with malicious programs and more than 400 compromises of accounts were also recorded. These figures show one simple thing: the enemy works not only with technology, but with human behavior. A modern attack often begins not with the hacking of a complex system, but with a message in a messenger. A person may be contacted on behalf of a charitable organization, a volunteer initiative, an acquaintance, a recruiter, a government institution, or a technical service. They may be offered help, asked to fill out a form, download a document, update an application, pass verification, or send data.
Such attacks are becoming personalized. Attackers may know the person’s name, place of work, connections, family circumstances, involvement in volunteering, professional interests, military direction, or even details about a unit. The more information a person leaves in open access, the more convincing the cover story becomes. Therefore, an ordinary video call, the Ukrainian language of the interlocutor, or knowledge of details no longer guarantees safety. On the contrary, this is increasingly being used to create trust.
Families of Soldiers and Developers Have Also Become Targets
A separate dangerous direction is attacks through loved ones. If a person serves, works with defense technologies, or participates in volunteer support for the army, their family may also become part of the risk. An attack on a wife, husband, parents, or children may be a faster path to the needed information than a direct attack on a soldier or developer. Through a relative, one can gain access to a device, an account, correspondence, photos, documents, or simply create psychological pressure. This is especially dangerous in Ukraine, where almost every family has someone who serves, volunteers, works for defense, or helps the military. The enemy uses precisely this broad involvement of society. Because of this, rules of digital caution should concern not only soldiers and defense-sector workers. They should be understood by families, volunteers, acquaintances, small teams, accountants, drivers, administrators, recruiters, and everyone who may accidentally become a bridge to important information.
Fraudulent Recruiting and Volunteer Cover Stories
Another common way of collecting data is fake vacancies and volunteer offers. A person may be interested in a job, part-time work, participation in a project, a humanitarian initiative, or assistance for the military. After the first contact, communication is moved to a messenger, where they are asked to send a résumé, documents, bank details, or pass additional verification. At first glance, this may look like a normal work process. But the collected data is then used for new attacks: account theft, financial fraud, recruitment, creation of a more accurate cover story, or access to people with entry to important systems. Open chats, job search groups, local communities, professional social networks, and channels with comments are especially vulnerable. There it is easy to find people by position, experience, city, place of work, or connections. The problem is not the platforms themselves. The problem is that people often do not perceive ordinary communication as the beginning of an intelligence operation. And that is exactly how it can work.
Contractors Have Become a Bypass Route to Larger Targets
When military structures strengthen protection, the enemy looks not for the main door, but for a side entrance. Contractors often become such an entrance: small IT teams, service companies, software developers, volunteer projects, administrators of technical systems. Hacking a large state or military structure is difficult. But one can attack a small team that has access to part of the data, services a system, writes code, performs configuration, or maintains contact with a larger customer. Many such teams work in a mode of constant haste. A solution must be created quickly, tested in field conditions, transferred to the military, updated, fixed, and transferred again. In such conditions, security often falls into the background. The boundary between personal and work devices becomes blurred. Documents are sent through messengers. Access is granted quickly. Passwords may be repeated. Code may be stored without sufficient control. For the enemy, this is an almost ideal situation. It does not have to attack a defense system directly. It is enough to find a weaker team nearby.
The Principle of Zero Trust Must Become the Rule, Not the Exception
One of the main problems of Ukraine’s defense digital ecosystem is the fragmented implementation of the zero-trust principle. Its logic is simple: one cannot automatically trust a person, a device, or a request only because they are already inside the system. Every access must be checked separately. Every user must receive only those rights that are truly needed for work. Every action must leave a trace. Every device must pass verification. Every contractor must meet minimum security requirements.
In Ukraine, many defense digital solutions were created under conditions of urgent need. The priority was understandable: the system must work now. But what helped launch necessary tools quickly eventually created another problem: reliable security procedures were not built everywhere in time. A change in approach is needed. Security must not be an add-on after a product launch. It must be part of development, procurement, work with contractors, team training, and daily operation.
The State Has Begun to Demand Cyber Protection From Suppliers
An important step was the introduction of mandatory cybersecurity requirements for participation in public procurement. Suppliers are divided by risk levels. For companies that do not touch state resources, basic protection rules are sufficient. For those who work with state data, more serious security confirmations are required. This is the right direction. The state cannot build defense digital systems relying on contractors without minimum verification. But formal requirements alone are not enough. Real practice is needed: access checks, assessment of second-level contractors, regular training, an incident response plan, technical audit, control of code repositories, and limitation of user rights. Without this, any document risks remaining a paper guarantee that will not stop an attack.
Defense Technologies Have Become Both an Advantage and a Target
Ukraine has a unique advantage: technologies are tested not in a laboratory, but in war. Drones, communication systems, digital battle maps, data processing tools, solutions for countering electronic suppression, software for coordinating units: all of this goes through a very fast update cycle. Manufacturers receive feedback from the military regularly, sometimes daily. A product can change many times a year. In a peacetime defense industry, such speed is almost impossible. But this is precisely what makes Ukrainian developments valuable to the enemy. They want to hack them, steal them, copy them, study them, or use them to create countermeasures. Ukraine’s technological advantage automatically becomes an intelligence target. This concerns not only large companies. A small team that has created an effective solution for drones, communication, or processing battlefield data may be of no less interest to foreign intelligence services than a large defense enterprise.
Artificial Intelligence Has Become a New Risk Channel
A separate underestimated threat is the uncontrolled use of artificial intelligence tools. Developers often perceive them as a convenient assistant: they insert pieces of code, describe the logic of a system, ask to check an error, or explain the structure of an algorithm. In an ordinary commercial project, this may already be a risk. In the defense sphere, it is a potential leak of sensitive information. The problem is not that the tool itself is necessarily hostile. The problem is that a team may not control where the information goes, who has access to it, how it is stored, and whether it can be used later. If the request contains a piece of code, a system diagram, or a description of a technical solution, it is no longer just a work prompt. It is part of intellectual property and defense security. Therefore, teams working with defense products need clear rules for using such tools. What can be inserted, what is prohibited, which services are allowed, who is responsible for control, and how compliance with the rules is checked.
Ukraine’s Advantage Is Born From Speed, but Security Must Preserve It
Ukrainian defense technologies are developing so quickly precisely because they have a direct connection with the front. A software solution can be created today, tested tomorrow, changed the day after tomorrow, and in a week already work better. This is a unique advantage. In 2025, investments in Ukrainian defense technologies exceeded $105 million. The defense technology market was estimated at $6.8 billion, of which the drone sector accounted for $6.3 billion and more than 150 manufacturers. Ukrainian technologies began scaling abroad: production lines appeared in European countries, and investor interest is growing in drones, robotic systems, tools for countering enemy communications, cyber protection, and demining.
But scaling without security creates a new vulnerability. The more partners, production facilities, teams, contractors, and channels for data exchange there are, the more potential entry points there are for the enemy. That is why Ukraine’s strength must consist of two parts: rapid development and strict protection. One no longer works without the other.
What Must Change
Ukraine needs not only a reaction to attacks that have already happened. It needs a system that reduces the chance of successful penetration before an incident occurs. The minimum set should include several things.
First – separation of personal and work. Separate devices, separate mailboxes, separate communication channels, separate access rules.
Second – mandatory multi-factor login verification. A password alone is no longer sufficient protection.
Third – the principle of minimum rights. A person should not have access to everything simply because they work in the team.
Fourth – contractor verification. Not only of the first level, but also of those who stand further down the chain.
Fifth – control of code repositories, open components, and third-party libraries. Part of the risk may come not from a team’s own code, but from what the team connected from outside.
Sixth – training people. Not formal, but practical: what a suspicious message looks like, how to verify an interlocutor, why password-protected archives should not be opened, why service documents should not be sent in personal chats.
Seventh – rules for working with artificial intelligence. Defense developments cannot exist in a mode where “everyone uses whatever they want.”
The cyberwar against Ukraine has become quieter, more precise, and closer to the individual. The enemy attacks not only state systems. It attacks everything that connects the army, volunteers, developers, contractors, families, messengers, email, code, work devices, and personal habits. This means that cybersecurity is no longer a technical detail. It has become part of defense in the same way as communication, logistics, intelligence, and weapons production. Ukraine has a strong advantage: speed, inventiveness, and technologies that undergo real combat testing. But this very advantage makes Ukraine’s defense ecosystem a target. To preserve it, talented development alone is not enough. Security discipline is also needed: access control, contractor verification, code protection, caution in communications, rules for families, and a clear understanding that every person around defense can become a target. The new cyberwar does not always look like an attack on a server. Often, it begins with a message, a file, a vacancy, a call, or a request from a supposedly familiar person. That is why Ukraine’s defense today runs not only through state cyber defense centers, but also through the daily digital behavior of everyone who is even slightly connected to the front.













