In a recently released report entitled “Operation Armageddon: Cyber Espionage as a Strategic Component of Russian Modern Warfare,” cybersecurity firm Lookingglass details evidence and constructs a timeline in support of the following argument regarding Russian activities in the conflict with Ukraine:
The campaign reveals a Russian state-sponsored cyber espionage campaign that is designed to give decision-making advantage to the Russian leadership by targeting Ukrainian government, law enforcement, and military officials in order to steal information that can provide insight into near term Ukrainian intentions and plans. Temporal analysis of the campaign indicates a direct correlation between the cyber attacks and the ongoing war in addition to highlighting an alarming blend between cyber espionage, physical warfare, and the driving political forces behind them.
While the suggestion that Russia has integrated cyber instruments and operations into its kinetic battlefield strategy should come as no great surprise (recall the 2008 war with Georgia for example), the report and this analysis by Aarti Shahani, NPR’s Business Desk Tech Reporter, make the interesting point “that when both sides negotiated a cease-fire last June, the cyber attacks stopped for that same period as well.”
Citing Indiana University law professor Fred Cate, the NPR piece elaborates: “It looks like the hackers see themselves as part of the battlefield…, `and so they stop those attacks when a cease-fire’s in place — as opposed to thinking of themselves as just intelligence gathering, which usually continues even during a cease-fire’.” In other words, “`It’s like the adversaries are actually thinking of themselves as attacking’.”
As a corollary, Shahani observes: this also “raises the question of when hacking constitutes an act of war.” Again, not a new question — but it springs from a set of circumstances that give new pause for thought.