Editor’s Note: Russia’s summer offensive has stalled on the ground, so the Kremlin has shifted weight to the layer where it still moves freely: information. In the first week of July, as missiles hit Kyiv and diplomats gathered for a NATO summit in Turkey, Russian operators kept a parallel campaign running against the systems that carry Ukraine’s account of the war, its television stations, newsrooms and digital records. The reporting here connects a three-hour application-layer DDoS attack, a thwarted attempt to hijack a broadcaster’s voice, and Europe’s accelerating cyber support into a single story about information integrity under fire.

For cybersecurity, data privacy, regulatory compliance and eDiscovery professionals, the relevance is direct. Credential theft aimed at publishing rights, floods built to imitate human traffic, and disinformation synced to diplomatic calendars are not distant wartime exotica; they are the same techniques that test corporate communications, law firms and regulated institutions.

Watch two threads next: how the EU Cybersecurity Reserve performs under real load, and whether newsroom-grade defenses, tamper-evident logging and provable publishing records become a baseline expectation well beyond Ukraine.


Content Assessment: The three silent hours: How Russia’s cyber war targets Ukraine’s newsrooms

Information - 94%
Insight - 92%
Relevance - 92%
Objectivity - 91%
Authority - 94%

93%

Excellent

A short percentage-based assessment of the qualitative benefit expressed as a percentage of positive reception of the recent article from ComplexDiscovery OÜ titled, "The three silent hours: How Russia’s cyber war targets Ukraine’s newsrooms."


Industry News – Geopolitics Beat

The three silent hours: How Russia’s cyber war targets Ukraine’s newsrooms

ComplexDiscovery Staff

For three hours, the weapon aimed at a Ukrainian television station made no sound at all.

It arrived as 200,000 requests a minute, a flood of counterfeit traffic engineered to drown a newsroom’s website until no reader in Ukraine could reach it.

That attack, which the Security Service of Ukraine (SSU) described as one of the largest of the year, sits at the quiet center of a war usually counted in missiles and miles of front line. On the night of July 5 to 6, Russian forces launched their fourth large-scale missile and drone strike against Ukraine since June 1, hitting Kyiv. President Volodymyr Zelensky later reported that the death toll had risen to 22. Beneath the explosions, a second campaign kept running: a contest over who controls Ukraine’s information, its newsrooms and the record of the war itself.

A strike timed for the cameras

The two campaigns are connected. The Institute for the Study of War said Russia likely timed its early-July strike package to shape perceptions ahead of the July 7 to 8 NATO summit in Turkey, where U.S. President Donald Trump was set to meet Ukrainian and European leaders. Moscow has cast itself as a willing negotiator and Kyiv as the obstacle to peace, a posture aimed less at the trenches than at the audiences watching them.

That framing carries weight because Russia’s summer offensive has bought little ground. The Institute for the Study of War has assessed in recent reporting that the spring and summer 2026 offensive failed to produce operationally meaningful gains, even as Moscow keeps shaping narratives around claimed battlefield progress. When territory stalls, the message becomes the maneuver, and the fastest way to shape a message is to control, or corrupt, the channels that carry it.



Why Ukraine’s newsrooms became targets

Since the full-scale invasion began in February 2022, the SSU’s Cyber Security Department has neutralized over 16,000 cyberattacks and cyber incidents, said Brigadier General Volodymyr Karastelyov, who heads the department. Government agencies, banks and defense structures draw steady fire. So do the media, which Karastelyov named a priority target for Russian operations.

The television station attack showed the method. “The botnet generated up to 200,000 requests per minute from nodes in Asia, Europe, and the US,” Karastelyov said. The traffic hit the site’s application layer, mimicking real users to exhaust the server rather than simply flooding it with raw volume. SSU specialists kept the site online. The aim was denial: to make it harder for a Ukrainian audience to reach a Ukrainian source, creating the kind of information vacuum that invites something else to fill it.

When the goal is the byline, not the outage

Knocking a site offline is the blunt approach. Stealing its voice is the subtler one. In 2025, the SSU said, attackers struck another Ukrainian television group with a phishing campaign while probing adjacent systems, working to seize the outlet and publish propaganda under its own trusted name. Investigators caught the intrusion before the takeover succeeded.

For information governance and eDiscovery professionals, that scenario should read as both familiar and alarming. An adversary that captures a publisher’s content management system does not just steal data; it manufactures a false but authentic-looking record, signed with a legitimate credential. Separating the real article from the forgery afterward becomes a forensic exercise, one that leans on preserved logs, version history and defensible chain of custody. The strongest defense is assembled before the breach: strict access controls, tamper-evident logging and archived snapshots that let an organization prove what it published, and when.

Europe moves to shore up the defense

The institutional response has quickened. On June 10, the European Union launched EU4CyberUA, a €10 million, four-year program running from 2026 to 2029 to align Ukraine’s cyber defenses with EU standards. Days later, the Council of the European Union approved Ukraine’s entry into the EU Cybersecurity Reserve, giving Kyiv access to incident-response help from vetted private providers, coordinated through the EU Agency for Cybersecurity, during large-scale attacks.

Ukraine is also pushing defense down to the newsroom floor. The SSU and the National Council of Ukraine on Television and Radio Broadcasting ran cybersecurity training at 20 venues across 21 regions in 2026, reaching about 450 editors, journalists and technical staff. “The main aim of the joint project is not only to respond to cyber-attacks after they have already occurred, but also to build up the practical capacity of regional newsrooms to independently detect threats,” said Olha Herasymiuk, who chairs the National Council.

What the record demands of practitioners

Strip away the geography and the lesson travels. The tactics tested against Ukrainian media, credential theft aimed at publishing rights, DDoS floods engineered to pass as human traffic, and disinformation timed to diplomatic calendars, reach corporate communications teams, law firms and regulated institutions far from any front line. A DDoS built to imitate real users slips past defenses tuned only for crude volume. A propaganda takeover of a trusted account is a data-integrity incident with legal and evidentiary tails.

The practical steps are unglamorous and portable: keep tamper-evident logs, preserve the metadata that establishes authenticity, rehearse incident response before it is needed, and treat the integrity of the published record as an asset worth defending. The organizations that weather the next information operation will be the ones that can show, quickly and defensibly, what they said and what they did not.

Which returns the story to those three silent hours. The attackers blew nothing up; they tried to erase a signal and, failing that, to counterfeit one. As the fighting grinds toward another round of talks, the sharper question for anyone who manages information is not whether the next attack will land, but this: when someone tries to speak in your name, will you be able to prove they did not?



News sources



Assisted by GAI and LLM Technologies

Additional reading

Source: ComplexDiscovery OÜ

ComplexDiscovery’s mission is to enable clarity for complex decisions by providing independent, data‑driven reporting, research, and commentary that make digital risk, legal technology, and regulatory change more legible for practitioners, policymakers, and business leaders.

 

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know, and we will make our response to you a priority.

ComplexDiscovery OÜ is an independent digital publication and research organization based in Tallinn, Estonia. ComplexDiscovery covers cybersecurity, data privacy, regulatory compliance, and eDiscovery, with reporting that connects legal and business technology developments—including high-growth startup trends—to international business, policy, and global security dynamics. Focusing on technology and risk issues shaped by cross-border regulation and geopolitical complexity, ComplexDiscovery delivers editorial coverage, original analysis, and curated briefings for a global audience of legal, compliance, security, and technology professionals. Learn more at ComplexDiscovery.com.

 

Generative Artificial Intelligence and Large Language Model Use

ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT, Claude, Gemini, Grammarly, Midjourney, and Perplexity, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).