{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,12]],"date-time":"2026-01-12T22:51:10Z","timestamp":1768258270345,"version":"3.49.0"},"reference-count":58,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,1,16]],"date-time":"2025-01-16T00:00:00Z","timestamp":1736985600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,1,16]],"date-time":"2025-01-16T00:00:00Z","timestamp":1736985600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100015276","name":"Sabanc\u0131 University","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100015276","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,2]]},"abstract":"<jats:title>Abstract<\/jats:title>\n          <jats:p>Distributed denial of service (DDoS) attacks have become a prominent threat in the digital landscape, with their frequency and impact magnifying during geopolitical conflicts. The Ukraine-Russia conflict, which commenced in February 2022, witnessed a surge in DDoS attacks, becoming the most common type of cyber assault during this period. This study examines the frequency and patterns of DDoS attacks throughout the Russo-Ukraine cyberwarfare, identifying the sectors most affected. By analyzing messages from Telegram channels containing IP addresses and URLs, we identified 4,612 unique victim domain names, with 3,090 targeted by Ukrainian hacktivist groups (pro-Ukrainian) and 1,522 by Russian hacktivist groups (pro-Russian). We observed distinct DDoS attack patterns between pro-Ukrainian and pro-Russian collectives. Ukrainian groups exhibited peak activity during May, June, and July, with a noticeable decline towards the end of 2022. In contrast, the pro-Russian group\u2019s activities intensified in late 2022. Our investigation highlights that pro-Ukrainian collectives, particularly \u2018IT Army of Ukraine 2022\u2019, were the most active in conducting DDoS attacks and operated with higher synchronicity. Our findings also indicate that crucial portals for information and services, particularly those related to news, government, business, finance, and travel, were consistently targeted by DDoS attacks. The majority of these victim domains lacked adequate DDoS protection during the assaults, with few improving their security measures post-attack. The study also reveals that DDoS attacks predominantly occurred on Saturdays, Sundays, and Mondays. Our results underscore the necessity for enhanced cybersecurity measures in vulnerable sectors to mitigate the impact of DDoS attacks during times of conflict.<\/jats:p>","DOI":"10.1007\/s10207-025-00981-w","type":"journal-article","created":{"date-parts":[[2025,1,16]],"date-time":"2025-01-16T17:37:12Z","timestamp":1737049032000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["From frontlines to online: examining target preferences in the Russia\u2013Ukraine conflict"],"prefix":"10.1007","volume":"24","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3734-3133","authenticated-orcid":false,"given":"Nasim","family":"Tavakkoli","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9670-0295","authenticated-orcid":false,"given":"Or\u00e7un","family":"\u00c7etin","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0003-3790-4839","authenticated-orcid":false,"given":"Emre","family":"Ekmekcioglu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4869-5556","authenticated-orcid":false,"given":"Erkay","family":"Sava\u015f","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,1,16]]},"reference":[{"key":"981_CR1","doi-asserted-by":"crossref","unstructured":"James\u00a0M Acton. Cyber warfare & inadvertent escalation. Daedalus, 149(2):133\u2013149, 2020","DOI":"10.1162\/daed_a_01794"},{"issue":"4","key":"981_CR2","doi-asserted-by":"publisher","first-page":"521","DOI":"10.17781\/P001973","volume":"4","author":"J Limn\u00e9ll","year":"2015","unstructured":"Limn\u00e9ll, J.: The exploitation of cyber domain as part of warfare: Russo-ukrainian war. Int. J. Cyber-Secur. Digit. Forens 4(4), 521\u2013532 (2015)","journal-title":"Int. J. Cyber-Secur. Digit. Forens"},{"key":"981_CR3","unstructured":"Thales Cyber Threat\u00a0Intelligence Team. 2022-2023: A year of cyber conflict in ukraine. Thales, March, 2023"},{"issue":"1","key":"981_CR4","first-page":"10","volume":"22","author":"B Van Niekerk","year":"2023","unstructured":"Van Niekerk, B.: The evolution of information warfare in ukraine: 2014 to 2022. J. Inform. Warfare 22(1), 10\u201331 (2023)","journal-title":"J. Inform. Warfare"},{"key":"981_CR5","unstructured":"CyberPeace Institute. Cyber dimensions of the armed conflict in ukraine, quarterly analysis report q3 july to september 2022. https:\/\/cyberpeaceinstitute.org\/wp-content\/uploads\/Cyber%20Dimensions_Ukraine%20Q3%20Report.pdf, 2022. Last accessed: August 24, 2024"},{"key":"981_CR6","unstructured":"CyberPeace Institute. Cyber dimensions of the armed conflict in ukraine, quarterly analysis report q4 october to december2022. https:\/\/cyberpeaceinstitute.org\/wp-content\/uploads\/Cyber%20Dimensions_Ukraine%20Q4%20Report.pdf, 2022. Last accessed: August 24, 2024"},{"key":"981_CR7","unstructured":"CyberPeace Institute. Cyber dimensions of the armed conflict in ukraine, quarterly analysis report q1 january to march 2023. https:\/\/cyberpeaceinstitute.org\/wp-content\/uploads\/2023\/05\/Ukraine-Report-Q1_FINAL.pdf, 2023. Last accessed: August 24, 2024"},{"key":"981_CR8","doi-asserted-by":"crossref","unstructured":"Lech Janczewski and Andrew Colarik. Cyber warfare and cyber terrorism. IGI Global, 2007","DOI":"10.4018\/978-1-59140-991-5"},{"key":"981_CR9","volume-title":"Russia\u2019s approach to cyber warfare","author":"M Connell","year":"2017","unstructured":"Connell, M., Vogler, S.: Russia\u2019s approach to cyber warfare. CNA Arlington, VA (2017)"},{"key":"981_CR10","volume-title":"Understanding cyber-warfare: politics, policy and strategy","author":"W Christopher","year":"2023","unstructured":"Christopher, W., Brian, M.: Understanding cyber-warfare: politics, policy and strategy. Routledge (2023)"},{"key":"981_CR11","doi-asserted-by":"publisher","DOI":"10.4324\/9780429470509","volume-title":"Information warfare in the age of cyber conflict","author":"C Whyte","year":"2020","unstructured":"Whyte, C., Thrall, A.T., Mazanec, B.M.: Information warfare in the age of cyber conflict. Routledge (2020)"},{"key":"981_CR12","first-page":"163","volume":"3","author":"J Nazario","year":"2009","unstructured":"Nazario, J.: Politically motivated denial of service attacks. The virtual battlefield: Perspectives on cyber warfare 3, 163\u2013181 (2009)","journal-title":"The virtual battlefield: Perspectives on cyber warfare"},{"issue":"2","key":"981_CR13","doi-asserted-by":"publisher","first-page":"103","DOI":"10.33179\/bsv.99.svi.11.cmc.24.2.6","volume":"24","author":"D \u0160Trucl","year":"2022","unstructured":"\u0160Trucl, D.: Russian aggression on ukraine: cyber operations and the influence of cyberspace on modern warfare. Contemp. Military Challenges\/Sodobni Voja\u0161ki Izzivi 24(2), 103\u2013123 (2022)","journal-title":"Contemp. Military Challenges\/Sodobni Voja\u0161ki Izzivi"},{"key":"981_CR14","volume-title":"Cyber and information warfare in the ukrainian conflict","author":"M Baezner","year":"2018","unstructured":"Baezner, M.: Cyber and information warfare in the ukrainian conflict. Technical report, ETH Zurich (2018)"},{"key":"981_CR15","unstructured":"Stinissen, J., and Geers, K.,. A legal framework for cyber operations in ukraine. Cyber War in Perspective: Russian Aggression against Ukraine. NATO CCD COE Publications, Tallinn, pages 123\u2013134, 2015"},{"key":"981_CR16","unstructured":"Maurer, T., and Geers, K., Cyber proxies and the crisis in ukraine. Cyber war in perspective: Russian aggression against Ukraine, pages 79\u201386, 2015"},{"key":"981_CR17","unstructured":"Izycki, E., and Vianna, E. W., Critical infrastructure: A battlefield for cyber warfare? In: ICCWS 2021 16th International Conference on Cyber Warfare and Security, page 454. Academic Conferences Limited, 2021"},{"key":"981_CR18","unstructured":"Kovanen, T., Nuojua, and Martti Lehto,M., Cyber threat landscape in energy sector. In: ICCWS 2018 13th International Conference on Cyber Warfare and Security, page 353. Academic Conferences and publishing limited, 2018"},{"key":"981_CR19","doi-asserted-by":"crossref","unstructured":"Geiger,M., Bauer, J., Masuch, M., and Franke, J., An analysis of black energy 3, crashoverride, and trisis, three malware approaches targeting operational technology systems. In: 2020 25th IEEE International Conference on Emerging Technologies and Factory Automation (ETFA), volume\u00a01, pages 1537\u20131543. IEEE, 2020","DOI":"10.1109\/ETFA46521.2020.9212128"},{"key":"981_CR20","doi-asserted-by":"crossref","unstructured":"Tang, Y., Chen, Q., Li, M., Wang, Q., Ni, M., and Fu, X., Challenge and evolution of cyber attacks in cyber physical power system. In: 2016 IEEE PES Asia-Pacific Power and Energy Engineering Conference (APPEEC), pages 857\u2013862. IEEE, 2016","DOI":"10.1109\/APPEEC.2016.7779616"},{"key":"981_CR21","unstructured":"Greenberg, A., Sandworm: A new era of cyberwar and the hunt for the Kremlin\u2019s most dangerous hackers. Anchor, 2019"},{"key":"981_CR22","unstructured":"Salt, A., and Sobchuk, M., Russian cyber-operations in ukraine and the implications for nato. Canadian Global Affairs Institute, pages 1\u20135, 2021"},{"key":"981_CR23","doi-asserted-by":"crossref","unstructured":"Lika, R. A., Murugiah, D., Brohi, S. N., and Daksha Ramasamy. Notpetya: cyber attack prevention through awareness via gamification. In: 2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE), pages 1\u20136. IEEE, 2018","DOI":"10.1109\/ICSCEE.2018.8538431"},{"issue":"8","key":"981_CR24","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1016\/S1361-3723(18)30077-0","volume":"2018","author":"S Mansfield-Devine","year":"2018","unstructured":"Mansfield-Devine, S.: Nation-state hacking-a threat to everyone. Comput. Fraud & Secur. 2018(8), 17\u201320 (2018)","journal-title":"Comput. Fraud & Secur."},{"key":"981_CR25","unstructured":"CyberPeace Institute. Cyber attacks in times of conflict. https:\/\/cyberconflicts.cyberpeaceinstitute.org\/, 2024. Last accessed: August 24, 2024"},{"key":"981_CR26","unstructured":"Smith, B., Defending ukraine: Early lessons from the cyber war. Microsoft, June, 22, 2022"},{"key":"981_CR27","doi-asserted-by":"crossref","unstructured":"Vu, A., Thomas, D., Collier, B., Hutchings, A., Clayton, R., and Anderson R., Getting bored of cyberwar: Exploring the role of low-level cybercrime actors in the russia-ukraine conflict. In: WWW The ACM Web Conference 2024, 2024","DOI":"10.1145\/3589334.3645401"},{"issue":"2","key":"981_CR28","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1162\/isec_a_00418","volume":"46","author":"L Maschmeyer","year":"2021","unstructured":"Maschmeyer, L.: The subversive trilemma: why cyber operations fall short of expectations. Int. Secur. 46(2), 51\u201390 (2021)","journal-title":"Int. Secur."},{"issue":"3","key":"981_CR29","doi-asserted-by":"publisher","first-page":"475","DOI":"10.1080\/02684527.2024.2321693","volume":"39","author":"AF Brantly","year":"2024","unstructured":"Brantly, A.F., Brantly, N.D.: The bitskrieg that was and wasn\u2019t: the military and intelligence implications of cyber operations during russia\u2019s war on ukraine. Intell. Nat. Secur. 39(3), 475\u2013495 (2024)","journal-title":"Intell. Nat. Secur."},{"key":"981_CR30","unstructured":"Cattler, D., and Black, D., The myth of the missing cyberwar. Foreign Affairs, 6, 2022"},{"issue":"4","key":"981_CR31","first-page":"31","volume":"7","author":"H Lin","year":"2022","unstructured":"Lin, H.: Russian cyber operations in the invasion of ukraine. The Cyber Defense Rev. 7(4), 31\u201346 (2022)","journal-title":"The Cyber Defense Rev."},{"key":"981_CR32","unstructured":"Kostyuk, N., and Gartzke, E., Why cyber dogs have yet to bark loudly in russia\u2019s invasion of ukraine (summer 2022). 2022"},{"key":"981_CR33","volume-title":"Cyber operations in russia\u2019s war against ukraine: Uses, limitations, and lessons learned so far","author":"M Schulze","year":"2023","unstructured":"Schulze, M., Kerttunen, M.: Cyber operations in russia\u2019s war against ukraine: Uses, limitations, and lessons learned so far. Technical report, SWP Comment (2023)"},{"key":"981_CR34","volume-title":"The cyber dimensions of the russia-ukraine war","author":"T Grossman","year":"2023","unstructured":"Grossman, T., Kaminska, M., Shires, J., Smeets, M.: The cyber dimensions of the russia-ukraine war. In Workshop Report, UK NCSC and ECCRI (2023)"},{"key":"981_CR35","first-page":"7","volume-title":"Survival: October-November 2022","author":"M Willett","year":"2023","unstructured":"Willett, M.: The cyber dimension of the russia-ukraine war. In: Survival: October-November 2022, pp. 7\u201326. Routledge (2023)"},{"issue":"7","key":"981_CR36","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1109\/MC.2022.3170644","volume":"55","author":"D Serpanos","year":"2022","unstructured":"Serpanos, D., Komninos, T.: The cyberwarfare in ukraine. Computer 55(7), 88\u201391 (2022)","journal-title":"Computer"},{"key":"981_CR37","doi-asserted-by":"crossref","unstructured":"Chivvis, C. S., Understanding russian \u201chybrid warfare\u201d. Rand Corporation, 17, 2017","DOI":"10.7249\/CT468"},{"issue":"2","key":"981_CR38","doi-asserted-by":"publisher","first-page":"44","DOI":"10.33172\/jdp.v8i2.1005","volume":"8","author":"U Priyono","year":"2022","unstructured":"Priyono, U.: Cyber warfare as part of russia and ukraine conflict. J. Diplomasi Pertahanan 8(2), 44\u201359 (2022)","journal-title":"J. Diplomasi Pertahanan"},{"key":"981_CR39","doi-asserted-by":"crossref","unstructured":"Hupperich T., On ddos attacks as an expression of digital protest in the russo-ukrainian war 2022. In: 2023 International Symposium on Networks, Computers and Communications (ISNCC), pages 1\u20138. IEEE, (2023)","DOI":"10.1109\/ISNCC58260.2023.10323968"},{"key":"981_CR40","doi-asserted-by":"crossref","unstructured":"Tsiatsikas, Z., (2022) Georgios Karopoulos, and Georgios Kambourakis. The effects of the russo-ukrainian war on network infrastructures through the lens of bgp. In: European Symposium on Research in Computer Security, pages 81\u201396 Springer,","DOI":"10.1007\/978-3-031-25460-4_5"},{"key":"981_CR41","unstructured":"CERT-EU. Russia\u2019s war on ukraine: One year of cyber operations. https:\/\/cert.europa.eu\/static\/MEMO\/2023\/TLP-CLEAR-CERT-EU-1YUA-CyberOps.pdf, 2023. Last accessed: August 24, 2024"},{"issue":"2","key":"981_CR42","doi-asserted-by":"publisher","first-page":"317","DOI":"10.1177\/0022002717737138","volume":"63","author":"N Kostyuk","year":"2019","unstructured":"Kostyuk, N., Zhukov, Y.M.: Invisible digital front: can cyber attacks shape battlefield events? J. Conflict Resolut. 63(2), 317\u2013347 (2019)","journal-title":"J. Conflict Resolut."},{"issue":"4","key":"981_CR43","doi-asserted-by":"publisher","first-page":"001","DOI":"10.1093\/jogss\/ogab001","volume":"6","author":"Philipp M Lutscher","year":"2021","unstructured":"Lutscher, Philipp M.: Digital retaliation? denial-of-service attacks after sanction events. J. Glob. Secur. Stud. 6(4), 001 (2021)","journal-title":"J. Glob. Secur. Stud."},{"issue":"2\u20133","key":"981_CR44","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1177\/0022002719861676","volume":"64","author":"PM Lutscher","year":"2020","unstructured":"Lutscher, P.M., Weidmann, N.S., Roberts, M.E., Jonker, M., King, A., Dainotti, A.: At home and abroad: the use of denial-of-service attacks during elections in nondemocratic regimes. J. Conflict Resoltn. 64(2\u20133), 373\u2013401 (2020)","journal-title":"J. Conflict Resoltn."},{"key":"981_CR45","doi-asserted-by":"crossref","unstructured":"Ghasiya, P., and Sasahara K., Messaging strategies of ukraine and russia on telegram during the 2022 russian invasion of ukraine. First Monday, (2023)","DOI":"10.5210\/fm.v28i8.12873"},{"key":"981_CR46","first-page":"1","volume":"8","author":"JV Pavlik","year":"2022","unstructured":"Pavlik, J.V.: The russian war in ukraine and the implications for the news media. Athen. J. Mass Media and Commun. 8, 1\u201317 (2022)","journal-title":"Athen. J. Mass Media and Commun."},{"key":"981_CR47","unstructured":"OpenAI. Chatgpt: Optimizing language models for dialogue. https:\/\/openai.com\/chatgpt, (2023). Accessed: 2024-02-28"},{"key":"981_CR48","unstructured":"VirusTotal. Virustotal api v3. https:\/\/docs.virustotal.com\/reference\/overview, 2024. Last accessed: August 24, (2024)"},{"key":"981_CR49","unstructured":"Pochat, V. L., Van\u00a0Goethem, T., Tajalizadehkhoob, S., Korczy, M.,\u0144ski, and Joosen W., Tranco: A research-oriented top sites ranking hardened against manipulation. arXiv preprint[SPACE]arXiv:1806.01156, (2018)"},{"key":"981_CR50","unstructured":"Askew, J., Ukraine war: A month-by-month timeline of the conflict so far. https:\/\/www.euronews.com\/2023\/01\/30\/ukraine-war-a-month-by-month-timeline-of-the-conflict-in-2022, 2023. Last accessed: August 24, 2024"},{"key":"981_CR51","unstructured":"Thomas, M., Ukraine war: Putin orders partial mobilisation after facing setbacks. https:\/\/www.bbc.com\/news\/world-europe-62984985, 2022. Last accessed: November 19, 2024"},{"key":"981_CR52","unstructured":"Tucker, P., Russia seems to be running low on drones. https:\/\/www.defenseone.com\/technology\/2022\/07\/russia-seems-be-running-low-drones\/374157\/, 2022. Last accessed: November 19, 2024"},{"key":"981_CR53","unstructured":"Wikipedia. 2022 belarusian constitutional referendum. https:\/\/en.wikipedia.org\/wiki\/2022_Belarusian_constitutional_referendum, 2022. Last accessed: November 19, 2024"},{"key":"981_CR54","unstructured":"Wikipedia. Nashstore: a russian online app store for devices running the android operating system. https:\/\/ru.wikipedia.org\/wiki\/NashStore, 2022. Last accessed: November 19, 2024"},{"key":"981_CR55","unstructured":"Hansler, J., Lithuanian foreign minister says putin and russian regime must be removed to stop \u2018warmongering\u2019. https:\/\/edition.cnn.com\/2022\/05\/10\/politics\/lithuanian-foreign-minister-interview\/index.html, 2022. Last accessed: November 19, 2024"},{"key":"981_CR56","unstructured":"Boffey, D., Russia threatens retaliation as lithuania bans goods transit to kaliningrad. https:\/\/www.theguardian.com\/world\/2022\/jun\/20\/russia-condemns-lithuania-transit-ban-some-goods-kaliningrad, 2022. Last accessed: November 19, 2024"},{"key":"981_CR57","unstructured":"Oladipo, G., Cyberattacks force over a dozen us airport websites offline. https:\/\/www.theguardian.com\/us-news\/2022\/oct\/10\/cyberattacks-disrupt-us-airport-websites, 2022. Last accessed: November 19, 2024"},{"key":"981_CR58","doi-asserted-by":"crossref","unstructured":"Jonker, M., Sperotto, A., Van Rijswijk-Deij, R., Sadre, R., and Pras, A., Measuring the adoption of ddos protection services. In: Proceedings of the 2016 Internet Measurement Conference, pages 279\u2013285, 2016","DOI":"10.1145\/2987443.2987487"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-00981-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-00981-w\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-00981-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,12]],"date-time":"2025-02-12T05:20:47Z","timestamp":1739337647000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-00981-w"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,1,16]]},"references-count":58,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,2]]}},"alternative-id":["981"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-00981-w","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,1,16]]},"assertion":[{"value":"16 January 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no Conflict of interest to declare that are relevant to the content of this article.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"64"}}