In the ongoing conflict between Russia and Ukraine, the latter has launched the Kursk Offensive, a major military operation that combined traditional warfare with sophisticated cyber strategies. This offensive marked a significant shift in Ukraine’s approach, showcasing their ability to conduct well-coordinated, high-impact operations.
Despite receiving considerable backing, Ukraine confronts an environment of diminishing patience from the international community, exacerbated by reduced U.S. aid and gaps in European support amidst global distractions. This operation saw Ukrainian forces push 25 miles into the Kursk Oblast region, ultimately claiming control over more than 450 miles of territory within three weeks.
Cyble’s research indicates that the Kursk Offensive was not an impromptu move but the culmination of meticulous preparation. Since early 2023, Ukrainian forces have conducted extensive surveillance and preparatory actions. Volunteer units and specialized reconnaissance teams operated discreetly, gathering intelligence and conducting preliminary raids to disrupt Russian operations.
Strategic Overview of the Kursk Offensive
From early 2023, Ukraine’s activities reflected a strategic buildup leading to the Kursk Offensive. In February 2023, Ukrainian Grad missiles targeted Shebekino, leading to intermittent shelling and drone strikes throughout the month. By March 2023, drone attacks were launched against key infrastructure in Belgorod Oblast, including the Transneft-Druzhba oil pipeline, signaling a broader escalation.
The summer of 2023 saw further aggression when, in August, Ukrainian drone strikes hit the Kursk Railway Station and various government buildings. This pattern of increasing attacks continued into September, with intensified artillery fire and drone strikes along the Kursk border. October 2023 brought more disruptions, as drone strikes targeted electrical facilities across several towns in the Kursk region, causing widespread blackouts. December 2023 witnessed continued disruptions with drone attacks targeting public areas and utilities in the Dmitrievsky and Zheleznogorsk districts.
In 2024, Ukrainian operations escalated significantly. February 2024 saw the Legion of Freedom of Russia posting on Telegram to solicit assistance for operations near the Kursk and Belgorod borders. March 2024 brought coordinated raids by Ukrainian groups, resulting in the capture of the village of Novaya Tavolzhanka. The offensive momentum continued in April with drone attacks on the Fatezhsky district in Kursk, followed by a broader expansion in May, targeting various villages and checkpoints in the region.
The Kursk Offensive Cyber Campaign
The Kursk Offensive, launched in August 2024, was significantly bolstered by a coordinated cyber campaign led by Ukrainian military intelligence (HUR). Ukrainian cyber units executed strategic operations aimed at disrupting Russian military capabilities through targeted cyber-attacks.
These attacks focused on critical infrastructure, such as electrical and water utilities, effectively hampering Russian military logistics. Additionally, malware and ransomware campaigns, notably by groups like PhantomCore and BlackJack, were employed to gather intelligence and destroy crucial data.
The offensive also featured a series of notable cyber incidents, including attacks by the Lifting Zmiy group on Russian IT infrastructure from September 2023 to June 2024, and BlackJack’s ransomware attacks in December 2023 that severely disrupted water utilities. By January 2024, PhantomCore and BlackJack had escalated their attacks, impacting various sectors and causing operational disruptions.
In retaliation, Russia launched counter-cyber operations. On August 12, 2024, Ukraine’s CERT-UA reported a wave of malicious emails that compromised over 100 computers, including those within Ukrainian state institutions. The cyber conflict continued to escalate with subsequent attacks involving malware disguised as information about prisoners of war, intensifying the ongoing digital confrontation.