Real 'Cyber War': Espionage, DDoS, Leaks, and Wipers in the Russian Invasion of Ukraine

The presentation discusses the complexity of attributing cyber attacks to specific actors and the importance of considering hacktivism and information operations in the context of the conflict. It also suggests the idea of investigating cyber attacks as part of the International Criminal Court's scope.

• The shift in reporting during The Invasion has made attribution of cyber attacks more complex
• Cross-matching and figuring out naming conventions is necessary
• There is much more activity beneath the surface that is not yet known
• Hacktivism and information operations are important aspects of the conflict
• Belarusian cyber partisans and Kilnet are notable hacktivist groups
• Investigating cyber attacks as part of the International Criminal Court's scope should be considered

The Belarusian cyber partisans were able to disrupt the train system carrying resources into Ukraine from Belarus to support Russia, demonstrating the significant efforts made by hacktivist groups in disrupting the conflict.

The Russian invasion of Ukraine has included a wealth of cyber operations that have tested our collective assumptions about the role that cyber plays in modern warfare. The concept of 'Cyber War' has been subject to all kinds of fantastic aberrations fueled by commentators unfamiliar with the realities and constraints of real world cyber. From the beginning of 2022, we have dealt with at least seven strains of wiper malware targeting Ukraine. The latest wiper was used to attack satellite modems with suspected spillover into critical infrastructure in Western Europe. Before this, nation-state wiper malware was relatively rare and this period of abundance is teaching us a great deal about the effects attackers can('t) have during military operations and what we should realistically expect in an era of hybrid warfare with cyber components.