Mobile Networks and Cyber Operations Enabling Drone Warfare in the Russia–Ukraine Conflict
Ukrainian hacktivists linked to the Fenix cyber analytics center, supported by InformNapalm, reported compromising accounts belonging to dozens of Russian military personnel and gaining access to monitoring systems used by Russian attack-drone operators. The operation allegedly enabled covert, near real-time surveillance of drone-operator activity and the transfer of collected data to Ukrainian Defense Forces. It was cited in reporting around Ukraine’s decision to sanction Belarusian leader Alyaksandr Lukashenka over Belarus’s role in enabling Russia’s use of repeater infrastructure on Belarusian territory to extend UAV control and expand strike reach into northern Ukraine, including against energy and rail targets.
Separately, Dutch intelligence services (AIVD/MIVD) warned that Russia is intensifying a broader hybrid warfare campaign across Europe, combining cyberattacks, sabotage, disinformation, covert influence, and espionage, to undermine public trust and weaken support for Ukraine while staying below the threshold of open war. In parallel, telecom-focused research highlighted how public mobile networks are increasingly being used as command/telemetry links for combat drones, citing examples from the Russia–Ukraine war. It described how 4G/5G standardization work (e.g., 3GPP enhancements in Releases 15–18) has made cellular-connected UAV operations more feasible, raising infrastructure-security concerns for mobile operators and national critical infrastructure.
Timeline
Feb 18, 2026
Zelenskyy sanctions Lukashenka over Belarus's support for Russian UAV operations
On February 18, 2026, Ukrainian President Volodymyr Zelenskyy imposed sanctions on Belarusian leader Alyaksandr Lukashenka, citing Belarus's role in enabling Russia's war effort, including support for attack UAV operations.
Dec 1, 2025
Compromised Russian drone operators are covertly monitored
During the cyber operation disclosed in 2026, Ukrainian hacktivists allegedly maintained round-the-clock surveillance of Russian attack drone operators and rapidly passed collected intelligence to Ukrainian Defense Forces.
Oct 1, 2025
Ukraine-linked hacktivists begin months-long operation against Russian drone operators
Over a months-long campaign in 2025, hacktivists from the Fenix cyber analytics center, with InformNapalm volunteers, allegedly compromised accounts of dozens of Russian military personnel and accessed systems used by attack drone operators.
Jul 1, 2025
Russia deploys UAV repeater systems in Belarus
In the second half of 2025, Russia reportedly deployed repeater systems in Belarus to control attack UAVs, extending strike reach into northern Ukrainian regions including areas from Kyiv to Volyn.
Jun 2, 2025
Russian authorities increase temporary mobile shutdowns after airfield attack
Following the June 1, 2025 strike, Russian authorities reportedly expanded temporary mobile network shutdowns, suggesting recognition that cellular networks were being used as a drone-control channel.
Jun 1, 2025
Ukrainian strike hits five Russian airfields using mobile-connected drones
On June 1, 2025, Ukraine reportedly carried out a drone strike on five Russian airfields using public mobile connectivity for telemetry, command, and imagery during the operation.
Jun 1, 2024
Russian drone operations expand cellular use to video and command links
By 2024, Russian forces had reportedly broadened their use of mobile connectivity from telemetry to include video transmission and command-and-control for drones.
Nov 1, 2023
Russian forces begin observed experimentation with cellular-linked drones
From late 2023, Russian drone use over Ukraine was reportedly observed incorporating public mobile networks, initially for telemetry functions.
Jun 1, 2023
Ukraine reports SIM-based drone telemetry and activation incidents
By mid-2023, public reporting from Ukraine cited incidents in which drones used SIM-based connectivity for telemetry or activation, indicating early wartime use of mobile networks in drone operations.
Jun 1, 2018
3GPP starts standardizing mobile-network support for drones
Through 3GPP Releases 15 through 18, the mobile industry developed standards for using cellular networks with drones, advancing capabilities for telemetry, command, and data links.
Jan 1, 2015
Telecom industry begins cellular drone connectivity trials
In the mid-2010s, telecom vendors and standards bodies began exploring how public mobile networks could support drone communications, laying groundwork for later battlefield use.
Related Stories

Rising Drone Threats to Military and Critical Infrastructure in Europe
The UK Ministry of Defence reported a sharp increase in **drone sightings near British military bases**, citing **266 incidents** last year versus **126 in 2024**, and linked the trend to concerns about hostile reconnaissance of sensitive defence sites, including airbases used by the **US Air Force**. In response, the UK government is moving to expand authorities under the **Armed Forces Bill** so designated military personnel can directly intervene against threatening uncrewed systems—covering **air, land, and submersible drones**—without first requiring police involvement. In Ukraine, **SpaceX and Ukrainian authorities** implemented an **emergency measure** to disable **unauthorized Starlink terminals** being used to control Russian long-range drones, following reports that Russia continued leveraging Starlink-enabled connectivity for strikes deeper inside Ukraine. Ukrainian officials characterized the action as a temporary fix that may also disrupt some legitimate users, while SpaceX and Ukraine pursue a more durable approach to prevent unauthorized use of the satellite service in contested environments—highlighting how **commercial communications infrastructure** is being exploited as part of drone-enabled warfare and broader hybrid threats across Europe.
1 month ago
Escalating Russian Hybrid Warfare and Policy Responses in Europe
New analysis warns Russia is likely to escalate its opportunistic hybrid activity in Europe into a more coordinated campaign consistent with **New Generation Warfare (NGW)** doctrine, integrating cyber operations, influence activity, and sabotage across a broader geographic footprint and at higher tempo. The assessment anticipates more synchronized, multi-domain actions designed to degrade NATO cohesion and readiness—such as pairing physical disruption (for example, airspace violations affecting critical infrastructure like airports) with cyberattacks (for example, **DDoS** against communications) to amplify operational and psychological impact. Ukrainian officials are simultaneously pushing for tighter regulation of **Telegram**, citing its repeated use by Russian intelligence to recruit locals for sabotage and terrorist attacks; the calls followed a deadly incident in Lviv that Ukrainian leadership attributed to Russia and said involved recruitment via Telegram. Separately, polling across major NATO countries indicates strong public support for treating severe hybrid actions—such as cyberattacks that shut down hospitals or power grids and sabotage of undersea cables or energy pipelines—as **acts of war**, highlighting a growing gap between public sentiment and NATO governments’ typically restrained responses to hybrid aggression.
1 month ago
Geopolitically Driven Cyber Activity and Hybrid Operations Escalate Across Europe and Major Events
Multiple reports describe an uptick in **state-linked and politically motivated cyber activity** in Europe, framed as part of broader **hybrid warfare**. Dutch intelligence (AIVD/MIVD) warned that Russia is intensifying a mix of cyberattacks, sabotage, disinformation, covert influence, and espionage designed to stay below the threshold of open conflict while testing Western red lines and undermining support for Ukraine. Related policy commentary notes growing calls from European and NATO officials for stronger “strike back” or offensive cyber capacity, but argues that political will and proportional response options—especially against proxy-driven sabotage—remain the limiting factors rather than technical capability. Separately, threat reporting tied to the **2026 Winter Olympics** indicates increased **hacktivist mobilization and targeting chatter** against Olympic-adjacent entities (e.g., transportation, sponsors, and overlapping supply chains), alongside continued targeting of the defense industrial base by a mix of hacktivists, state actors, and cybercriminals. A case study on Venezuela’s Caracas outage during “Operation Absolute Resolve” cautions against attributing major disruptions to “cyber-only” effects when available evidence also indicates substantial **kinetic/physical damage** to substations, underscoring that modern operations may integrate cyber and physical actions and that misframing can distort infrastructure security priorities.
3 days ago