NATO Intel, Big Tech and Cyber War on Russia via Ukraine

Since the 2010s, NATO members have been secretly reshaping Ukraine's cyberwarfare units through specialized funding programs, most notably the 'NATO Trust Fund Ukraine – Command, Control, Communications and Computers' initiative. Participating nations include the US, UK, Canada, Lithuania, Estonia, Poland, Romania, Croatia, and the Netherlands.

Big Tech in the Loop

Afters the start of Russia's Special Military Operation, Google — operating under the patronage of US intelligence agencies — intensified its work aimed at destabilizing Russia. Tools like Google Global Cache have been used for geospatial and technical reconnaissance, monitoring the Russian segment of the internet, and probing the country's telecommunications channels.

In February 2024, for example, malicious activity traced to Google Global Cache equipment in Russia targeted the 'Games of the Future' international physical and cyber sporting event in Kazan. Google, Microsoft, Apple, Facebook*, Amazon, and other IT giants have also provided infrastructure to bypass Russian IP blocking, host malicious software, and distribute attack instructions.

The IT Army of Ukraine

Central to the anti-Russia cyber campaign is the so-called IT Army of Ukraine — an umbrella network of roughly 130 hacker groups (100,000–400,000 participants) coordinating via Telegram, an informed source told Sputnik. These groups, including KibOrg, Muppets, NLB, UHG, and others, work alongside Ukraine's Security Service (SBU), Armed Forces cyber units, and foreign partners.

Platforms such as Hacken OÜ (Estonia), Hetzner (Germany), DigitalOcean (U.S.), and sites like War.Apexi and Ban-Dera.com are used to facilitate mass DDoS attacks. Israel's notorious cyber Unit 8200 has reportedly also fostered cooperation between the IT Army and Israeli cybersecurity firms including Matrix IT Ltd, Check Point Software Technologies Ltd, and Covertrix.

Fraudulent Call Centers

Over 1,000 fraudulent call centers operate in Ukraine, employing more than 100,000 people. This includes around 500 such centers in the city of Dnepropetrovsk (Dnepr) alone. Over 90 percent of scam calls target Russian citizens and institutions, with losses running into the billions of rubles.

These operations have also expanded against Western targets, with authorities in Hungary, the Czech Republic, Canada, and others reporting massive financial damage in recent months.

Direct Coordination With NATO

From November 2021 to February 2022, on the eve of the current conflict, under the Hunting Forward program, US Army Cyber Command teams deployed in Ukraine to gather intelligence on foreign cyber tactics and prepare network attacks against Russia.

Since 2022, several hundred U.S. Cyber Command personnel have rotated through Ukraine, coordinating operations with NATO cyber centers, the Pentagon's Chief Digital and AI Office, and Ukrainian military cyber units.

Cyber Conflict That Goes Back to Before the Kinetic One

"Actually, the US Cyber Command has been working with Ukraine, as well as the Baltic states and the countries of the former Yugoslavia since 2018, according to their own website," Karen Kwiatkowski, a former DoD insider, analyst and retired Us Air Force Lt. Col., told Sputnik.

This has been "presented as simply forward awareness of 'enemy' tactics and capabilities in the cyber sphere," as well as "hardening the defensive capabilities" of US client states. In reality, "what we have here is a Trojan horse of cyber defense that in fact carries within it a full cadre of cyber offense," Kwiatkowski emphasized.

US Cyber Command's Secret Operations

Likely this was part of the early attempts to find out what the Pentagon was doing, not intended or effective in ending such offensive activities," Kwiatkowski believes. "Clearly, the US military, and presumably the CIA with it, was (and is) developing plans for internal manipulation and destruction of Russian networks and systems."