Kathrine Frich
Modern warfare is no longer fought only with missiles and artillery.
Increasingly, battles are unfolding behind screens, where a single malicious file can cause disruption far from the front line.
In the latest sign of how cyber tactics are reshaping the conflict, a reported digital strike has targeted Russian military personnel and their personal devices.
Devices infected
The partisan movement ATESH said the cyberattack took place overnight between February 23 and 24, coinciding with Russia’s Defender of the Fatherland Day celebrations.
According to a statement released on February 25, members of Russia’s “Dnepr” and “East” military formations were affected after opening malicious files on personal devices.
“The virus infiltrated hundreds of phones and computers used by Russian military personnel. As a result, mass checks were carried out within the units, a ban on personal mobile devices was enforced, and official investigations were launched,” the statement said.
ATESH claimed that several senior officers based at military headquarters were among those impacted.
Data at risk
The group warned that the breach could have exposed official documents, private correspondence and military coordinates stored on infected devices.
If confirmed, such a compromise could reveal the locations of command centres, ammunition depots and repair facilities, as well as troop movements.
Cybersecurity specialists are reportedly examining equipment belonging to individuals suspected of being affected.
Pattern of attacks
Russian defence-linked entities have previously been targeted by cyber operations.
In December 2025, defence and technology firms were struck in what cybersecurity company Intezer described as a cyber-espionage campaign.
Intezer linked that operation to a group known as “Paper Werewolf,” also referred to as GOFFEE, which has been active since 2022 and is widely believed to support Ukraine.
According to the firm, the campaign used AI-generated decoy documents, including fake invitations and fabricated correspondence purporting to come from Russia’s Ministry of Industry and Trade, to trick employees into opening malicious attachments.
Separately, Ukraine’s Defence Intelligence has previously reported carrying out a cyberattack that disrupted Russia’s national payment system, which officials said had been used to funnel funds to organisations supporting the war effort.
Sources: ATESH statement, Intezer, united24media.
