In this special documentary edition of ThreatWise TV, we take a look at the people behind Talos’ efforts to protect Ukrainian critical infrastructure, and discuss the personal impact on the teams involved. Contains images of war that some viewers may find upsetting.


Just over a year ago, the news began to emerge that Russia declared war on Ukraine. A full-scale land, air, and sea invasion began.

A few months prior, during the build-up, the Cisco Talos team closely monitored the situation. We thought primarily about the safety of our colleagues and partners based in the region.

Not too far from the backs of our minds were the relentless and targeted cyberattacks against Ukraine over the past seven plus years, which had wreaked havoc on their infrastructure.

As more tanks arrived on the border, the Talos team wondered about an invisible war. A type of war that doesn’t require anyone to step in a building but could be leveraged to destabilize Ukraine’s critical infrastructure.

From November 2021, we readied ourselves to help our Ukrainian partners, wherever it was needed.

The story of Talos’ relationship with Ukraine goes back many years.

In 2015, Russian adversaries used destructive malware to cause blackouts across Ukraine. That same group was found to be responsible for many other destabilizing attacks, including attempts to disrupt elections in France, the NotPetya attack which caused billions of dollars in damage around the world, and Olympic Destroyer, where destructive malware was used to interrupt the opening ceremony of the Winter Olympics in South Korea.

After the Black Energy attacks, Talos reached out to our sales team based in Ukraine. We wanted to see if we could develop ties with key cybersecurity partners, government agencies, and security researchers who were based there. And find out ways we could help protect against cyber attacks from our common adversaries.

Our Ukrainian partners needed to learn to trust us. But trust us they did. The bonds that we have created with these people are inherently strong, and it’s one of the reasons why the invasion of Ukraine feels so deeply personal to us.

About three months before the Russian invasion, and witnessing the build up, the team reached out and offered assistance to our Ukrainian partners. Evacuation plans for Cisco staff based in the country began to take shape.

Once the invasion started, Cisco extended an offer to Ukrainian governmental organizations and critical infrastructure. We would supply them with our security software and services free of charge, as well as dedicated threat hunters. There was no definitive end date to this offer.

Hundreds of people across Cisco also got in touch with Talos to offer their assistance, from creating refugee packages, to contributing to open-source intelligence.

Our dedication to defending Ukrainian critical infrastructure from cyberattacks continues. We hope that peace and comfort come quickly to our Ukrainian friends, partners, and allies.

It has been an extraordinarily emotional and challenging journey for everyone in Talos and Cisco who are part of these efforts. It remains so.

I’m proud to help tell their story.

Further resources:

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels



Hazel Burton

Global Cybersecurity Product Marketing Manager, Thought Leadership

Cisco Secure