The Invisible Front: Stolen Ukrainian IP Addresses Become Russia’s Cyber Shield
Russia is exploiting Ukrainian digital infrastructure, converting seized IP address ranges into instruments of cyberwarfare and information control.
The Gaze reports this, referring to Ukrinform.
These IP blocks, comparable to digital passports that determine the origin of online activity, were forcibly taken from Ukrainian telecom providers whose staff in occupied regions, according to testimonies, were pressured and even tortured into handing over access credentials.
Once Russia gained control, the addresses were re-registered through RIPE NCC, the Amsterdam-based regional internet registry responsible for allocating internet resources across Europe, the Middle East, and Central Asia.
Despite warnings from Ukrainian institutions, RIPE continued interacting with the Russian-backed users, citing “political neutrality” – a justification Ukrainian officials argue has turned into a loophole enabling cyberaggression under the guise of technical procedure.
The theft is not simply a matter of property loss. IPv4 resources are finite, expensive, and therefore economically valuable, with a single address costing up to €50 on private markets.
Several occupation-run entities now operate using these stolen blocks. They include companies created by Russian administrations in seized territories, such as Ugletelecom, Comtel, Phoenix, and Republican Digital Communications.
Ukrainian lawyers emphasize that RIPE NCC's continued recognition of documentation from occupation authorities effectively legitimizes their status, contradicts EU sanctions, and may constitute a criminal offence under Dutch legislation.
The Dutch Foreign Ministry has already clarified that IP address blocks qualify as economic assets, which means that providing them to sanctioned entities is not neutral administration – it is a sanctions violation.
For years, Moscow steadily increased influence inside RIPE. Russian-controlled members gained voting rights, placed loyal representatives in decision-making structures, and promoted narratives that justified their dominance by scale and population.
Attempts to introduce a Ukrainian representative were repeatedly blocked. Legal appeals intensified only after the start of the full-scale war, when Kyiv urged RIPE to freeze stolen addresses or return them to legitimate Ukrainian operators.
Today the issue stands at the intersection of geopolitics, law, and cybersecurity. NATO has recognised cyberspace as a battlefield, and a single masked intrusion routed through stolen Ukrainian IP space may eventually trigger continental-scale consequences.
Dutch prosecutors have already launched multiple sanction-evasion cases related to Russian dealings, and experts believe RIPE’s continued cooperation with entities tied to the “DPR/LPR” may soon attract similar attention.
As The Gaze reported earlier, the US, UK, and Australia have announced joint sanctions against Russian company Media Land and its subsidiaries for their involvement in global ransomware operations.
Watch on The Gaze: Russian Hackers Are Targeting YOU! Secrets to Outsmart Cyber Criminals