INTRODUCTION. The article analyses the problem of cyber espionage in the context of armed conflict in cyberspace. The relevance of this research, as part of the problem of international humanitarian law applying in cyberspace, is confirmed by the rapid development of cyber technologies that can be used during armed conflict, as well as the availability of the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations.MATERIALS AND METHODS. The main sources of this research are the provisions of the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, the rules of Additional Protocol I of June 08, 1977 to the Geneva Convention of August 12, 1949, the rules of the Hague Regulations on the Laws and Customs of War on Land of 1907, and the rules of custom- ary international humanitarian law. The methodology consists of the principles used in legal research, as well as general scientific and special methods of legal research (system and formal legal methods).RESEARCH RESULTS. The provisions of the Tallinn Manual on cyber espionage were examined for compliance with the relevant provisions of Additional Protocol I of June 08, 1977 to the Geneva Convention of August 12, 1949, the Hague Regulations on the Laws and Customs of War on Land of 1907, and the rules of customary international humanitarian law, as well as the problems that may arise in the process of possible practical application of this provision of the Tallinn Manual.DISCUSSION AND CONCLUSIONS. It is noted that the provisions of the Tallinn Manual 2.0 on cyber espionage are based on the relevant rules of international law. In fact, the relevant provision of the Tallinn Manual is completely copied from the relevant rules of IHL. However, based on the results of this research, the author comes to the conclusion that such blind copying does not take into account the specifics of cyberspace and leads to the following problems in the possible practical application of this provision of the Tallinn Manual: firstly, due to the anonymity of users, it will be difficult to distinguish between a cyber intelligence officer and a cyber spy in practice. Secondly, due to the difficulties in establishing clear state borders in cyberspace, including due to the use of blockchain and VPN technologies, in practice it is impossible to reliably establish whether secret information was collected on the territory of the enemy, which, in turn, leads to difficulties in qualifying such an act as cyber espionage. Finally, in the context of modern armed conflicts, espionage has ceased to be a phenomenon exclusively of international armed conflicts, and therefore it is likely that cyber espionage can be carried out not only in the context of an international armed conflict, but also in the context of a non-international armed conflict. Based on the results of this research, suggestions were made to develop state practice on this issue. It is desirable that States raise the discussion of the above issues at the UN General Assembly, which would help to identify the main trends in the development of such practices. Only And only after the practice of States on this issue becomes more obvious, the question of developing an appropriate international treaty, preferably within the UN, can be raised.