Enlarge (credit: Celestino Arce/Getty Images)

Amidst the tragic toll of Russia's brutal and catastrophic invasion of Ukraine, the effects of the Kremlin's long-running campaign of destructive cyberattacks against its neighbor have often—rightfully—been treated as an afterthought. But after a year of war, it's becoming clear that the cyberwar Ukraine has endured for the past year represents, by some measures, the most active digital conflict in history. Nowhere on the planet has ever been targeted with more specimens of data-destroying code in a single year.

Ahead of the one-year anniversary of Russia's invasion, cybersecurity researchers at Slovakian cybersecurity firm ESET, network security firm Fortinet, and Google-owned incident-response firm Mandiant have all independently found that in 2022, Ukraine saw far more specimens of “wiper” malware than in any previous year of Russia's long-running cyberwar targeting Ukraine—or, for that matter, any other year, anywhere. That doesn't necessarily mean Ukraine has been harder hit by Russian cyberattacks than in past years; in 2017 Russia's military intelligence hackers known as Sandworm released the massively destructive NotPetya worm . But the growing volume of destructive code hints at a new kind of cyberwar that has accompanied Russia's physical invasion of Ukraine, with a pace and diversity of cyberattacks that's unprecedented.

Enlarge (credit: Evgen Kotenko/Getty Images)

Yurii Shchyhol doesn’t have a lot of time to spare.

The head of the Derzhspetszviazok, Ukraine’s version of the US Cybersecurity and Infrastructure Security Agency, can be forgiven for working speedily. His country is under attack—and with it, the world order. “This is the first time ever in history that we’ve had such a full-fledged cyberwar happening right now in Ukraine,” says Shchyhol, who’s tasked with keeping Ukraine’s cyber territory safe in the same way president Volodymyr Zelensky oversees the country’s physical armed forces.

Skirmishes on the internet against Russian hackers weren’t new to Shchyhol, nor to the people he oversees as part of the Derzhspetszviazok, also known as the State Service of Special Communications and Information Protection. Before invading Ukraine on February 24, Russia had been testing the defenses of Ukraine’s cybersecurity. Mostly it was persistent, low-level attacks, but one larger attack was launched on January 14, when Russia targeted more than 20 Ukrainian government institutions. The attack, designed to disrupt government-linked websites, leached out into the wider Ukrainian internet. “We also identified that around 90 websites were not accessible as a result of that attack,” says Shchyhol. “The goal of the Russian hackers was to sow panic among the Ukrainian population, and to demonstrate to the outside world that Ukraine is a weak state that couldn’t handle the attacks,” he says. This is why the Derzhspetszviazok rushed to relaunch the sites affected. “The longest it took us for one site was close to one week,” he says. “No data was lost, and the outcome of this attack was more psychological warfare.”