Anatomy of a swarm: Deconstructing Russia's hybrid drone attacks on Ukraine

April 4, 2026 | 6 min read | 4 sources

The blurring lines of modern conflict

In late November and early December 2023, Ukraine faced one of the most intense aerial bombardments since the start of the full-scale invasion. Reports from the period described waves of Russian drones targeting major cities, most notably a massive assault on Kyiv on November 25. While the explosions and air raid sirens were physical, the operation itself represents a critical case study in modern hybrid warfare, where kinetic force is inseparable from the digital systems that guide it and the cyber operations that often accompany it.

This analysis deconstructs these large-scale drone attacks, moving beyond the headlines of physical destruction to examine the underlying technology, the cyber-physical attack surface, and the broader implications for national security and critical infrastructure protection.

Background: A strategy of attrition

The attacks in late 2023 were not an isolated event but an escalation of Russia's long-standing strategy to cripple Ukraine's critical infrastructure and civilian morale. A major attack on November 25 saw Russia launch approximately 75 Iranian-designed Shahed-136/131 drones, with the Ukrainian Air Force reporting the successful interception of 74 (Source: Reuters). Subsequent days saw continued, albeit smaller, waves targeting southern and eastern regions.

These assaults are often characterized as "energy terror," timed to coincide with the onset of winter to maximize pressure on the civilian population by disrupting power and heat. The choice of weapon—the relatively inexpensive, mass-produced Shahed drone—is strategic. It allows Russia to launch large swarms intended to overwhelm and exhaust Ukraine's more sophisticated and costly air defense missile stockpiles. It's a war of attrition fought not just in the skies, but on the balance sheets of military logistics.

Technical details: The cyber-physical vector

While a Shahed drone delivers a kinetic payload, its operation is entirely dependent on a chain of digital technologies. Understanding this chain reveals the cyber-physical nature of the threat.

The Shahed-136 ("Geran-2"): This one-way attack drone, often called a "loitering munition," is not a high-tech weapon. Its strength lies in its simplicity and numbers. Key components include:

  • Navigation System: The primary guidance system relies on satellite navigation, likely using Russia's GLONASS and the public GPS network. This is its most significant digital vulnerability. The coordinates of a target are pre-programmed, and the drone follows this path. Some variants may include a basic inertial navigation system (INS) as a backup to continue toward a target if satellite signals are lost.
  • Control and Communication: Unlike more advanced drones that require a constant command-and-control (C2) link, the Shahed is largely a "fire-and-forget" system. This makes it resilient to communication jamming once it's en route, but it also means its flight path cannot be easily altered after launch.
  • Propulsion: A simple piston engine gives the drone its distinctive and audible "moped-like" sound, which has become a tell-tale sign of an impending attack.

The primary cyber defense against such systems is not hacking in the traditional sense, but Electronic Warfare (EW). EW techniques used by Ukraine include:

  • GPS Jamming: Broadcasting powerful radio noise on satellite navigation frequencies to drown out the weak signals from space. This can cause the drone to lose its positioning and go off course.
  • GPS Spoofing: A more sophisticated technique that involves broadcasting false satellite signals to trick the drone's receiver into calculating an incorrect position, leading it away from its intended target.

The battle between drone navigation and EW is a constant cat-and-mouse game. Russia attempts to harden its drones against EW, while Ukraine and its allies develop more powerful and adaptable jamming and spoofing technologies. This digital fight is just as important as the physical interception by anti-aircraft guns and missiles.

Impact assessment: Beyond the blast radius

The impact of these drone swarms extends far beyond the immediate physical damage to buildings and infrastructure.

  • Critical Infrastructure Operators: Energy, telecommunications, and logistics sectors are the primary targets. A successful strike on a substation doesn't just cause a blackout; it disrupts the industrial control systems (ICS) and SCADA networks that manage the grid. These digital systems become a secondary target, as operators must contend with power surges, cascading failures, and potential vulnerabilities exposed during emergency recovery efforts.
  • Civilians and Government: The psychological impact is a key objective. Nightly attacks disrupt sleep, create constant anxiety, and aim to break the will of the population. This is often amplified by coordinated disinformation campaigns that spread panic and mistrust in the government's ability to protect its citizens.
  • Military and Defense: The drone swarms force a constant state of high alert for air defense crews. More critically, they deplete a finite supply of advanced interceptor missiles that cost orders of magnitude more than the drones they destroy. This resource drain is a central pillar of Russia's strategy.

Furthermore, these kinetic attacks do not happen in a vacuum. They are often part of a coordinated campaign that includes cyberattacks. Threat groups like Russia's GRU-linked Sandworm have a history of targeting Ukraine's energy sector with malware like Industroyer2, designed to manipulate circuit breakers in electrical substations (Source: ESET Research). A physical drone attack on a facility could be timed with a cyberattack aimed at hampering the operators' ability to respond, creating a compound crisis.

How to protect yourself: Building digital and physical resilience

For organizations and individuals in or supporting regions facing hybrid threats, protection requires a multi-layered approach that acknowledges the link between the digital and physical worlds.

For Critical Infrastructure and Businesses:

  • Assume GPS Disruption: Systems that rely exclusively on GPS for timing or positioning are fragile. Build in redundancy with alternative timing sources and ensure systems can fail gracefully or operate on internal clocks during a GPS outage.
  • Harden ICS/OT Networks: The operational technology (OT) networks that control physical processes must be segregated from IT networks. Implement strict access controls, monitor for anomalous activity, and have a tested incident response plan specifically for OT environments.
  • Comprehensive Backups: Maintain isolated, offline backups of critical data and system configurations. In a hybrid attack, a physical strike could be a diversion for a ransomware or wiper attack. Ensure you can restore operations without network connectivity.
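The "assume GPS disruption" guidance above can be made concrete with a small supervisor for a fixed-site GNSS timing receiver. This is an added example written for this page, not code from the original article or from any vendor: it applies the two indicator patterns from the EW section (a degraded solution for jamming, a healthy signal with an implausible position for spoofing) and moves the clock to internal holdover so the site fails gracefully. Thresholds, the surveyed site position and the sample fixes are constructed assumptions.

```python
"""Supervise a fixed-site GNSS receiver; hold over on jamming/spoofing indicators (all values constructed)."""
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

@dataclass
class Fix:
    t: float       # receiver time, seconds
    lat: float     # degrees
    lon: float     # degrees
    sats: int      # satellites used in the solution
    cn0_db: float  # mean carrier-to-noise density, dB-Hz

SITE = Fix(0.0, 50.4500, 30.5230, 0, 0.0)  # surveyed antenna position (constructed)
def distance_m(a: Fix, b: Fix) -> float:
    """Great-circle distance in metres between two fixes (haversine)."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6_371_000.0 * asin(sqrt(h))

def classify(fix: Fix, max_drift_m: float = 25.0) -> str:
    """Jamming degrades the solution (few satellites, weak signal); spoofing keeps
    the signal healthy but walks the fix away from the surveyed site."""
    if fix.sats < 4 or fix.cn0_db < 30.0:
        return "jamming"
    if distance_m(fix, SITE) > max_drift_m:
        return "spoofing"
    return "ok"

def supervise(fixes, reacquire_after: int = 10, max_holdover_s: float = 3600.0):
    """Return (clock mode, verdict) per fix: first anomaly -> holdover; GNSS trusted again
    after `reacquire_after` clean fixes; holdover older than max_holdover_s -> 'degraded'."""
    out, since, clean = [], None, 0
    for fix in fixes:
        verdict = classify(fix)
        if verdict != "ok":
            since, clean = (fix.t if since is None else since), 0
        elif since is not None:
            clean += 1
            if clean >= reacquire_after:
                since, clean = None, 0
        stale = since is not None and fix.t - since > max_holdover_s
        out.append(("gnss" if since is None else "degraded" if stale else "holdover", verdict))
    return out

SAMPLE = [  # constructed one-second fixes
    Fix(0.0, 50.4500, 30.5230, 9, 42.0),  # healthy
    Fix(1.0, 50.4501, 30.5231, 9, 41.0),  # ~13 m jitter, still within tolerance
    Fix(2.0, 50.4500, 30.5230, 3, 22.0),  # few satellites, weak signal: jamming
    Fix(3.0, 50.4600, 30.5230, 9, 43.0),  # strong signal but ~1.1 km off: spoofing
]
```

A real deployment would feed `Fix` from the receiver's NMEA or vendor telemetry and raise an operator alert on the "degraded" mode, since a holdover oscillator drifts beyond what protection relays and SCADA time-stamping tolerate.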

For Individuals and Remote Workers:

  • Secure Your Communications: In a conflict zone, digital communications are a target for espionage and disruption. Using strong, end-to-end encryption for messaging and voice calls is fundamental. For general internet access, a reputable VPN service can help protect your data from interception on untrusted networks.
  • Be Skeptical of Information: Disinformation is a key weapon in hybrid warfare. Verify information through multiple, credible sources before sharing. Be wary of emotionally charged content designed to provoke a reaction.
  • Maintain Situational Awareness: Use official government alert apps and channels to stay informed about physical threats. Have a plan for power outages and disruptions to communication services.

The large-scale drone attacks on Ukraine are a stark reminder that modern conflict is not confined to a single domain. Every physical explosion has a digital echo, and every line of malicious code can have a kinetic consequence. Defending against this reality requires us to tear down the artificial wall between cybersecurity and physical security and build a unified strategy for resilience.


// FAQ

Are these drone attacks considered cyberattacks?

Not in the traditional sense. They are kinetic (physical) attacks. However, they are cyber-enabled, relying on digital systems like GPS for navigation. The defense against them often involves cyber techniques like electronic warfare (jamming/spoofing), and they are frequently part of a broader hybrid warfare strategy that includes separate, parallel cyberattacks on targets like the power grid.

What is a Shahed-136 drone?

It is an Iranian-designed 'one-way attack' drone, also known as a loitering munition or 'kamikaze' drone. Russia rebrands it as the 'Geran-2.' It is a relatively low-cost, propeller-driven drone designed to fly a pre-programmed route using satellite navigation and detonate its explosive warhead upon reaching the target.

How does electronic warfare (EW) work against these drones?

EW primarily targets the drone's reliance on satellite navigation. Jamming involves broadcasting powerful radio noise to overwhelm the faint GPS/GLONASS signals, causing the drone to lose its position. Spoofing is a more advanced technique that feeds the drone false satellite signals, tricking it into navigating to the wrong location, away from the intended target.

Why does Russia use these drones instead of more advanced missiles?

The primary reasons are cost and quantity. Shahed drones are estimated to cost around $20,000-$50,000 each, far cheaper than cruise or ballistic missiles which can cost millions. This allows Russia to launch them in large numbers (swarms) to overwhelm and deplete Ukraine's more expensive air defense interceptors in a strategy of attrition.
