Editor’s Note: Russia’s summer offensive has stalled on the ground, so the Kremlin has shifted weight to the layer where it still moves freely: information. In the first week of July, as missiles hit Kyiv and diplomats gathered for a NATO summit in Turkey, Russian operators kept a parallel campaign running against the systems that carry Ukraine’s account of the war, its television stations, newsrooms and digital records. The reporting here connects a three-hour application-layer DDoS attack, a thwarted attempt to hijack a broadcaster’s voice, and Europe’s accelerating cyber support into a single story about information integrity under fire.
For cybersecurity, data privacy, regulatory compliance and eDiscovery professionals, the relevance is direct. Credential theft aimed at publishing rights, floods built to imitate human traffic, and disinformation synced to diplomatic calendars are not distant wartime exotica; they are the same techniques that test corporate communications, law firms and regulated institutions.
Watch two threads next: how the EU Cybersecurity Reserve performs under real load, and whether newsroom-grade defenses, tamper-evident logging and provable publishing records become a baseline expectation well beyond Ukraine.
Content Assessment: The three silent hours: How Russia’s cyber war targets Ukraine’s newsrooms
Information - 94%
Insight - 92%
Relevance - 92%
Objectivity - 91%
Authority - 94%
93%
Excellent
A short percentage-based assessment of the qualitative benefit expressed as a percentage of positive reception of the recent article from ComplexDiscovery OÜ titled, "The three silent hours: How Russia’s cyber war targets Ukraine’s newsrooms."
Industry News – Geopolitics Beat
The three silent hours: How Russia’s cyber war targets Ukraine’s newsrooms
ComplexDiscovery Staff
For three hours, the weapon aimed at a Ukrainian television station made no sound at all.
It arrived as 200,000 requests a minute, a flood of counterfeit traffic engineered to drown a newsroom’s website until no reader in Ukraine could reach it.
That attack, which the Security Service of Ukraine (SSU) described as one of the largest of the year, sits at the quiet center of a war usually counted in missiles and miles of front line. On the night of July 5 to 6, Russian forces launched their fourth large-scale missile and drone strike against Ukraine since June 1, hitting Kyiv. President Volodymyr Zelensky later reported that the death toll had risen to 22. Beneath the explosions, a second campaign kept running: a contest over who controls Ukraine’s information, its newsrooms and the record of the war itself.
A strike timed for the cameras
The two campaigns are connected. The Institute for the Study of War said Russia likely timed its early-July strike package to shape perceptions ahead of the July 7 to 8 NATO summit in Turkey, where U.S. President Donald Trump was set to meet Ukrainian and European leaders. Moscow has cast itself as a willing negotiator and Kyiv as the obstacle to peace, a posture aimed less at the trenches than at the audiences watching them.
That framing carries weight because Russia’s summer offensive has bought little ground. The Institute for the Study of War has assessed in recent reporting that the spring and summer 2026 offensive failed to produce operationally meaningful gains, even as Moscow keeps shaping narratives around claimed battlefield progress. When territory stalls, the message becomes the maneuver, and the fastest way to shape a message is to control, or corrupt, the channels that carry it.
Why Ukraine’s newsrooms became targets
Since the full-scale invasion began in February 2022, the SSU’s Cyber Security Department has neutralized over 16,000 cyberattacks and cyber incidents, said Brigadier General Volodymyr Karastelyov, who heads the department. Government agencies, banks and defense structures draw steady fire. So do the media, which Karastelyov named a priority target for Russian operations.
The television station attack showed the method. “The botnet generated up to 200,000 requests per minute from nodes in Asia, Europe, and the US,” Karastelyov said. The traffic hit the site’s application layer, mimicking real users to exhaust the server rather than simply flooding it with raw volume. SSU specialists kept the site online. The aim was denial: to make it harder for a Ukrainian audience to reach a Ukrainian source, creating the kind of information vacuum that invites something else to fill it.
When the goal is the byline, not the outage
Knocking a site offline is the blunt approach. Stealing its voice is the subtler one. In 2025, the SSU said, attackers struck another Ukrainian television group with a phishing campaign while probing adjacent systems, working to seize the outlet and publish propaganda under its own trusted name. Investigators caught the intrusion before the takeover succeeded.
For information governance and eDiscovery professionals, that scenario should read as both familiar and alarming. An adversary that captures a publisher’s content management system does not just steal data; it manufactures a false but authentic-looking record, signed with a legitimate credential. Separating the real article from the forgery afterward becomes a forensic exercise, one that leans on preserved logs, version history and defensible chain of custody. The strongest defense is assembled before the breach: strict access controls, tamper-evident logging and archived snapshots that let an organization prove what it published, and when.
Europe moves to shore up the defense
The institutional response has quickened. On June 10, the European Union launched EU4CyberUA, a €10 million, four-year program running from 2026 to 2029 to align Ukraine’s cyber defenses with EU standards. Days later, the Council of the European Union approved Ukraine’s entry into the EU Cybersecurity Reserve, giving Kyiv access to incident-response help from vetted private providers, coordinated through the EU Agency for Cybersecurity, during large-scale attacks.
Ukraine is also pushing defense down to the newsroom floor. The SSU and the National Council of Ukraine on Television and Radio Broadcasting ran cybersecurity training at 20 venues across 21 regions in 2026, reaching about 450 editors, journalists and technical staff. “The main aim of the joint project is not only to respond to cyber-attacks after they have already occurred, but also to build up the practical capacity of regional newsrooms to independently detect threats,” said Olha Herasymiuk, who chairs the National Council.
What the record demands of practitioners
Strip away the geography and the lesson travels. The tactics tested against Ukrainian media, credential theft aimed at publishing rights, DDoS floods engineered to pass as human traffic, and disinformation timed to diplomatic calendars, reach corporate communications teams, law firms and regulated institutions far from any front line. A DDoS built to imitate real users slips past defenses tuned only for crude volume. A propaganda takeover of a trusted account is a data-integrity incident with legal and evidentiary tails.
The practical steps are unglamorous and portable: keep tamper-evident logs, preserve the metadata that establishes authenticity, rehearse incident response before it is needed, and treat the integrity of the published record as an asset worth defending. The organizations that weather the next information operation will be the ones that can show, quickly and defensibly, what they said and what they did not.
Which returns the story to those three silent hours. The attackers blew nothing up; they tried to erase a signal and, failing that, to counterfeit one. As the fighting grinds toward another round of talks, the sharper question for anyone who manages information is not whether the next attack will land, but this: when someone tries to speak in your name, will you be able to prove they did not?

News sources
- SSU neutralised over 16,000 russian cyberattacks and cyber incidents since war started (GlobalSecurity.org)
- Ukraine’s media are top Russian cyber target: Hackers hit Ukrainian TV site with 200,000 requests in minute (Euromaidan Press)
- Ukrainian media outlets now among ‘priority targets’ for Russian hackers (The Record)
- Russian Offensive Campaign Assessment, July 7, 2026 (Institute for the Study of War)
- Russian Offensive Campaign Assessment, July 1, 2026 (Institute for the Study of War via Kyiv Post)
- Ukraine gains access to EU Cybersecurity Reserve (Ukrinform)
- Ukraine can now tap EU cyber support during major attacks (Help Net Security)
- EU launches EU4CyberUA project to strengthen Ukraine’s cybersecurity and resilience (FIIAPP)
Assisted by GAI and LLM Technologies
Additional reading
- Confirmed versus claimed: reading the gap in Russia’s June offensive
- When the flag may be fake: Ukraine’s June war and the new burden of proof
- When the drone war reaches the reactor fence: Ukraine and the cyber-physical front
- When the refineries burn: Ukraine’s strikes turn Russia’s energy backbone into a cautionary tale
- The night Ukrainian drones exposed gaps in Moscow’s defenses and state TV gave it 60 seconds
- From warning to funding: Russia’s expanding media machine and the risk signals ahead
- Invisible by design: NATO’s 2026 cognitive warfare paper and the crisis of discovery
- When Your Legal Tech Vendor Gets Breached: DocketWise Incident Exposes 116,666 Immigration Records and a Profession’s Blind Spot
- The DOJ’s Cyber FCA Playbook Is Working as Enforcement Triples and Shows No Signs of Slowing
- FTC’s OkCupid Action Reframes AI Training Data as a Consumer Protection Issue
- White House AI Framework Signals New Compliance Stakes for Legal, Cybersecurity, and eDiscovery
- The Gatekeeper’s Key: How the Conformity Assessment Unlocks the EU AI Market
Source: ComplexDiscovery OÜ

ComplexDiscovery’s mission is to enable clarity for complex decisions by providing independent, data‑driven reporting, research, and commentary that make digital risk, legal technology, and regulatory change more legible for practitioners, policymakers, and business leaders.



























