Ukrainian Armed Forces Team Secures Second Place at International Cyber Exercise

The exercise focused on developing capabilities to counter complex cyber defense scenarios simulating attacks on military command and control systems, cloud environments, and segments of critical infrastructure.

The primary objective was to enhance the capabilities of cybersecurity units of the United Kingdom and partner countries in responding to sophisticated, multi-layered cyberattacks, as well as to improve the practical application of modern technologies, including AI/ML-based solutions, in threat detection and analytics.

During the active phase, teams operated in conditions closely resembling real-world operational environments, combining continuous monitoring, incident response, infrastructure resilience maintenance, and execution of technical challenges. The scenarios included coordinated cyberattacks causing disruptions to key services, public-sector critical infrastructure, and specialized military systems. Particular emphasis was placed on the ability to operate under time constraints and increased workload, make informed decisions under pressure, and maintain effective team coordination. The exercise served as a practical assessment of participants’ ability to conduct cyber operations, contain rapidly escalating incidents, and ensure infrastructure resilience against complex, multi-vector threats.

A joint team composed of cybersecurity personnel from the Armed Forces of Ukraine and the United Kingdom’s 21st Signal Regiment secured second place among 36 teams in the overall ranking.

This result was achieved through a clear functional distribution of roles and the integration of complementary approaches. The Ukrainian side leveraged extensive hands-on experience in countering real-world cyberattacks amid ongoing cyber aggression against Ukraine, which contributed to rapid decision-making, flexibility, and adaptability to evolving scenarios. The British partners applied standardized process management mechanisms, procedural discipline, and structured coordination. The synchronization of these approaches ensured infrastructure stability during the active attack phase and enabled consistently high performance throughout all stages of the exercise.

The Ukrainian component formed the technical core of Defensive Cyber Operations, including the development of protection strategies for the provided infrastructure, implementation of tactics, techniques, and procedures (TTPs) for incident response across varying levels of complexity, execution of Cyber Threat Intelligence activities, and rapid containment of the consequences of successful attacks. Particular focus was placed on practical compromise scenarios - identifying persistence mechanisms, countering privilege escalation, containing destructive phases, and restoring critical services.

A separate track of the active phase included technical challenges spanning a wide range of tasks, from incident analysis and vulnerability management to exploring emerging technologies. A significant portion of these challenges involved artificial intelligence, reflecting the current trend of active AI integration into cybersecurity processes, alongside the growing risks of its misuse.

Although the exercise included dozens of diverse challenges, particular attention should be given to the areas where the team not only demonstrated technical expertise but also achieved top positions in the international ranking.

Within the Def.AI track, four stages were implemented, including the foundational “LLMs 101,” which aims to develop skills for effective interaction with language models and for critical evaluation of their outputs. Subsequent tasks simulated applied scenarios such as phishing campaign analysis with source attribution, identification of compromised third-party components in codebases, and vulnerability prioritization based on asset criticality. This format assessed the ability to use AI as a decision-support tool in analytical processes. Owing to a high level of expertise, a representative of the Armed Forces of Ukraine secured first place in this track.

In parallel, Digital Forensics challenges were conducted, involving the analysis of digital artifacts, event logs, and the reconstruction of adversary activity following system compromise. Ukrainian representatives also achieved the best result in this domain, taking first place due to the speed and accuracy of artifact analysis.

Participation of the Armed Forces of Ukraine as part of a joint team with the UK’s 21st Signal Regiment enabled not only the refinement of response mechanisms to large-scale cyberattacks but also demonstrated a high degree of adaptability. Under complex operational conditions, Ukrainian specialists successfully established effective cooperation with international partners, overcoming organizational and communication barriers.

Amid continuous cyber confrontation, Ukraine has accumulated unique practical expertise in responding to targeted campaigns against critical infrastructure.

Participation in Defence Cyber Marvel 2026 became an effective mechanism for integrating this invaluable experience into a multinational environment, confirming its alignment with the highest international standards.

Practices developed by the Armed Forces of Ukraine today represent critical value for partners, making a significant contribution to strengthening the collective cyber resilience of the entire community.