In September 2025, when Russian drones began crossing into Polish airspace for the largest NATO airspace violation since the full-scale invasion began, Polish F-16s and Dutch F-35s scrambled to intercept. German Patriot systems went to alert. NATO invoked Article 4. The alliance responded.
What went largely unreported was what Ukrainian civilian hackers had been doing for the previous six months – and were still doing that night.
Hackers from the Fenix Analytical Cyber Center, working with InformNapalm volunteers, had broken into the accounts of dozens of Russian military drone operators and were reading their communications in real time, without the Russians knowing. Think of it as looking over the shoulder of the people flying the drones – seeing where the aircraft were being sent, when they launched, which routes they were taking. For six months, around the clock, Fenix passed that live feed of Russian drone operations directly to Ukrainian Defense Forces as it happened.
The drones that crossed into Poland were not off course. Ukrainian hackers had already determined – and warned NATO partners in September – that Russia was deliberately testing whether Belarusian civilian cell networks could support drone operations targeting the supply routes through which Western weapons reach Ukraine. The debris that fell on Polish soil, and a drone fragment later found on a beach in Latvia, confirmed what the intercepted communications had already shown.
The intelligence flowing from this operation helped Ukrainian forces strike Russian command posts, drone launch sites, and the positions of an elite Russian drone unit. The operation ran for more than six months before it ended – not because the hackers were caught, but because Ukrainian military strikes, informed by what the hackers had found, destroyed the targets being watched.
The hackers had no authority to do any of it. No law recognized them. No command structure protected them.
They did it anyway.
“Ukrainian cyber specialists are operating in a gray zone, conducting offensive cyber operations against the enemy,” said Mykhailo Makaruk, spokesperson for the international intelligence community InformNapalm, in a public statement this week. “The creation of Ukraine’s Cyber Forces will allow for more effective coordination of military and civilian cyber specialists.”
That creation has not happened. Draft Law No. 12349, submitted to the Verkhovna Rada by lawmaker Oleksandr Fedienko in December 2024, would establish Ukraine’s Cyber Forces as a formal military branch – NATO-standard, command-integrated, and legally authorized for the offensive cyber operations Ukraine’s volunteers are already conducting. The bill cleared the Committees on Digital Transformation and Education. It has not reached a floor vote.
Makaruk on Feb. 19 publicly accused parliamentarian Andriy Motovilovets of removing the bill from consideration – calling the act sabotage that serves Russia’s interests.
Until the bill passes, Ukraine’s most effective cyber contributors operate in a legal gray zone: no rank, no protection, no formal intelligence pipeline to the military commands their work is already feeding.