Ukrainian cyber experts from the «256th Cyber Assault Division» conducted a large-scale operation, extracting data on the locations of more than 2,600 Starlink terminals used by the Russians. Thanks to their tricks, they managed not only to block enemy communications, but also to identify the coordinates of Russian headquarters and command posts.
Ukrainian cyber experts from the «256th Cyber Assault Division» conducted a large-scale operation, extracting data on the locations of more than 2,600 Starlink terminals used by the Russians. Thanks to their tricks, they managed not only to block enemy communications, but also to identify the coordinates of Russian headquarters and command posts.
Details of the operation are revealed in a report by The Time, which refers to a hacker from the «256th Cyber Assault Division» with the call sign «Goldfinger» and «Yaro», an intelligence officer from the 128th Heavy Mechanized Brigade.
The story began in 2025, when the Russians began to actively use Starlink to control large drones and bypass Ukrainian electronic warfare systems. To counter this threat, the Ministry of Digital Affairs asked Elon Musk’s company to introduce mandatory registration of devices in the unoccupied territory of Ukraine with the presentation of a passport. After the implementation of this requirement, all unregistered terminals in the combat zone were blocked.
«The Russians were left 'blind' on the battlefield. Desperate soldiers were looking for Ukrainians willing to register their devices for money,» the participants in the operation note.
Hackers from the «256th Cyber Assault Division» took advantage of this by creating a fake support service on Telegram. Posing as cybercriminals, they also offered the occupiers the opportunity to «legalize» the devices for cryptocurrency. To automate the process and collect data, the hackers used an AI-based chatbot. The program gradually tricked the Russians into providing serial numbers and, ultimately, the exact GPS coordinates of the antennas.
The data received was transmitted to the Ministry of Defense and combat brigades on the ground. According to Yaro, the coordinates obtained allowed for precise strikes on the positions of UAV pilots and enemy headquarters. As a result, the number of Russian strikes in his unit’s area of responsibility alone decreased by 45%.
The military noted that the Russians often remained in the same positions that were given to the hackers, either because the soldier who gave out their coordinates was too afraid to admit his mistake to his superiors, or because it was too difficult to go out into the open so close to the front line.
«Since 2025, they started using Starlink to control their large drones, which allowed them to increase the accuracy of their strikes and gave them an advantage. So it became increasingly important and dangerous for us,» explained «Goldfinger,» a wounded soldier turned hacker in the «256th Cyber Assault Division.»
With Starlink receivers no longer working, the Russians have begun using satellite dishes to build Wi-Fi bridges between units. This tactic allows them to stay connected but also helps the Defense Forces detect new enemy positions.
In addition to the hunt for Starlink, the 256th Cyber Assault Division, in collaboration with Dallas Analytics and InformNapalm, continues to expose Western companies that help the Russian Federation and hack the emails of Kremlin officials. Russian weapons factories identified with the help of AI and hacking tools have already become targets for Storm Shadow missiles.
According to the military, war is increasingly resembling a digital dystopia. «I see a picture that in five years we will mostly not need people. That scares me,» says «Yaro.»
Recall that after the Starlink blocking, the Russians tried to find «drops» among Ukrainians who were ready to activate enemy Starlinks for money. The hacktivist team «256 CyberShturmova Division» together with InformNapalm and MILITANT decided to take advantage of this. During the week of operation, the fake bots managed to obtain thousands of data packets, enemy positions, and even «donations from Russian soldiers.»
