Podcast Summary: Risky Bulletin — Between Two Nerds: The Evolution of Cyber Ops in Ukraine (March 2, 2026)
Overview
In this episode, hosts Tom Uren and The Grugq revisit the shifting landscape of cyber operations within the Ukraine war, analyzing how both Russia and Ukraine have adapted their cyber tactics over the years. The discussion focuses on how early destructive operations gave way to more sophisticated espionage and operational integration, and how both sides are learning by doing. The conversation also extends to recent intelligence-sharing developments and the maturing role of cyber in combined arms and strategic influence, providing nuanced insights into what has and hasn't worked.
Key Discussion Points & Insights
1. Evolution of Russian Cyber Operations in Ukraine
- Initial Phases:
  - Russia began with a tightly coordinated cyber campaign aligned with its military push, hoping for rapid success.
  - When quick victories failed, they entered a period of disjointed, largely ineffective disruptive attacks.
  - “They had everything planned out for a three day war and then the war didn’t end… So they spent a week going like, you know, what are you looking at me for? I did everything I was supposed to do.” (B, 01:44)
- Destructive But Ineffective Attacks:
  - The large-scale wiping attack on the Kyivstar mobile network caused disruption for a week, but had little strategic impact. “50% of Ukraine's mobile users were taken offline for probably an afternoon, as long as it took them to get a SIM card for another operator.” (B, 02:52)
- Espionage as the Main Value:
  - Shifted to intelligence gathering—mapping facilities, tracking repair crews, and conducting battle damage assessment to improve conventional targeting.
  - “Russian cyber forces are increasingly focused on collecting intelligence to guide missile strikes rather than immediately disrupting operations.” (A, 04:41)
2. Improved Coordination and Maturity
- Operational Integration:
  - Now, Russian cyber and missile operations are better integrated, with espionage informing targeting and strike assessment.
  - “This is part of a long-term strategy they expect to be able to execute on for years if they have to.” (B, 08:25)
- Contrast with Polish Grid Attacks:
  - Attacks on Poland’s grid seemed performative, likely motivated by internal Russian reporting rather than military necessity. “We can afford to like mess around and screw up because this isn’t actually an important theater.” (B, 09:30)
- Operational Learning:
  - Experiences have underscored what works and what doesn’t, moving away from headline-grabbing, short-lived disruptions to focused, combined-arms approaches. “In 2022 they tried the grid attack and it worked. And in working it proved just how useless it was.” (B, 11:00)
3. Strategic and Tactical Cyber Use
- Strategic Influence:
  - Intelligence releases targeting foreign leaders (e.g., sharing intercepted Russian ridicule of Trump with Americans) are compared to historical examples like the Zimmermann Telegram.
  - “Intercepted phone calls and messages from senior Russians ridiculing Trump have been shared by the British with the Americans… This is potentially the sort of intelligence that could change the outcome of the war.” (A, 15:13)
  - “It’s not the traditional use of intelligence.” (B, 16:17)
- Cognitive Effects and Information Warfare:
  - Intelligence can be used as a tool of persuasion or subversion, akin to “proportional cyber cognitive effect against a very small group to attack trust.” (B, 19:27)
- Tactical Cyber — Ukraine's Approach:
  - Example of Ukrainian hacktivist group “Phoenix” gaining six months’ access to Russian Shahed drone operators: early warning, strike guidance, and targeting.
  - Unlike Russia, Ukraine must use access sparingly due to limited resources. “If you have access to the drone operators of the Shaheds, the people who are receiving that intelligence are not going to go, okay, this is useful, but could you wipe their computers and take them out for one day?” (B, 23:38)
4. Adaptation and Lessons Learned
- None of the war-time cyber practices were originally theorized; they emerged from practical, hard-won experience.
- “None of those ways of using cyber were the sort of ways that were predicted…All of these have been developed from practice.” (B, 27:20)
- Cyber’s role has matured, with real integration into both operational planning and strategic influence, though this took several years and much trial-and-error.
Notable Quotes & Memorable Moments
- On the Futility of Early Destructive Attacks:
  - “Spending months to take down the grid for a few hours was not the best use of their time… When in order for us to do this, we’ve had to learn so much about the operations that we could tell you exactly which things to blow up to cause the most damage.” (B, 06:12)
- On Operational Integration:
  - “The integration of these two service arms… is a sign of operational maturity… you have people at the planning and staff level who are going, 'Wait a minute… why don’t we use these two things together to make them more effective?'” (B, 13:17)
- On Strategic Intelligence Sharing:
  - “It’s using intelligence to shape opinions by revealing truth… It’s information warfare in the broadest sense.” (A & B, 19:14–19:27)
- On the Evolution of Cyber's Role:
  - “Cyber is maturing, right? Like, it's arrived. It's been kicked off the couch and told that it has to get a real job…” (B, 27:30)
Important Segments & Timestamps
- 00:11–02:50: Early phases of Russian cyber ops and the Kyivstar mobile network attack.
- 03:35–05:11: Disorganized destructive attacks and their lack of impact on ground war.
- 05:54–07:35: Growing focus on intelligence and its integration with missile operations.
- 08:25–09:55: Contrast between Ukraine and Polish grid cyber attacks; “headline” vs “military significance.”
- 11:00–13:17: Operational learning, recognizing limitations, and the maturing use of cyber.
- 15:13–17:25: Strategic intelligence sharing, UK-US relations, and the impact (or lack thereof) of such disclosures.
- 19:14–21:33: Intelligence as cognitive/strategic influence, proportional effects, and their unpredictability.
- 23:38–25:34: Ukrainian hacktivist group Phoenix’s deep espionage into Russian drone operations.
- 27:20–27:41: Concluding thoughts on practical adaptation and the unexpected path cyber operations have taken.
Closing Thoughts
The episode provides a nuanced look at the evolution of cyber operations in the context of a prolonged, resource-intensive war. The Russian approach has evolved from futile disruption to valuable operational integration, while Ukraine has focused on using limited access for maximum effect. Both sides illustrate that war-time cyber tactics are shaped by necessity and trial rather than theory, with the maturing role of cyber now more complementary than ever to real-world military and political strategy.
