According to The Cyber Express, Russia is actively exploiting stolen Ukrainian IP addresses to conceal its cyberattacks targeting European entities. This allows Russian actors to disguise the origin of their operations, making them appear to originate from Ukraine or Europe, significantly complicating attribution and countermeasures.
The addresses in question are IPv4 blocks seized in the occupied regions of Ukraine following the events of 2014 and 2022. The occupying forces illegally re-registered these digital resources through the international organization RIPE NCC, despite protests from the Ukrainian side. As a result, Russia gained the ability to use “foreign” IP addresses as cover for conducting hostile operations in cyberspace.
Experts note that such actions pose a direct threat to the digital security of the entire European continent. Attacks launched through Ukrainian IP addresses may be mistakenly attributed to Ukraine or European actors, provoking diplomatic complications, undermining trust between partners, and complicating the work of EU and NATO cybersecurity services.
The situation underscores the growing problem of the weaponization of civilian digital infrastructure in modern hybrid conflict. European organizations are advised to strengthen traffic monitoring, improve attribution mechanisms, and enhance coordination with Ukrainian counterparts to counter such tactics.