What is cyber warfare?


The world has changed markedly since the widespread uptake of technology - there isn’t a single industry that has been left unaffected by the world’s transition to a more tech-assisted life.

Although international conflict is not an industry, the same holds true there: the days of traditional, or 'kinetic', warfare that takes place purely on land, in the air, and at sea are now far behind us.

The value of technology is lost on no-one, and certainly not on the finest hackers on the planet, who are often courted by nation-states in their ambition to build a battalion of front-line cyber security experts. This is because cyber warfare is on the rise: taking out a country’s Internet systems remotely, perhaps via a DDoS attack, is more time- and resource-efficient than sending a squadron to blow up the physical infrastructure, for example.

Since technology has value everywhere, it doesn’t take a military mind to understand that the same level of disruption can nowadays be caused more easily, and with less risk to life, from behind a keyboard than it sometimes can on the battlefield.

Is anyone currently engaged in cyber warfare?


The blunt answer to this question is ‘yes’. The ongoing conflict in Ukraine, instigated by Russia’s invasion earlier this year, has led to one of the most visceral examples of concurrent kinetic and open cyber warfare seen to date.

We’ve seen a string of remarkable incidents happen on the cyber side that would each in themselves merit consideration for a ‘story of the year’ award in any other, more normal and historically insignificant year.

For example, the Ukrainian government has assembled a cross-border ‘IT army’ to help fight against Russian cyber attacks - of which there have been many. We’ve also seen underground criminal outfits pledge allegiance to Russia, dedicating their nefarious services to assist the aggressors in cyber space, while foot soldiers continue to fight the war on the ground.

The situation in Ukraine aside, just about every developed country has robust capabilities in cyber space and there are a number of countries actively developing digital weapons to use in future conflicts. Russia and China are the main focal points there, but other countries that are just as active include the US, France, and Israel.

This isn't to say that these countries are using these capabilities, although we know they possess the cyber weapons themselves and have used them in the past. For example, Stuxnet was a joint venture between the US and Israel to destroy Iran's nuclear programme capability.

What weapons are used in cyber war?

The tools of destruction used in cyber attacks bear some resemblance to the weapons commonly used in other criminal attacks, in that they produce the same effect.


For example, botnets built to launch distributed denial of service (DDoS) attacks can target critical services and cripple organisations digitally, or may even serve as a diversion from other malicious activity, such as attempts to infiltrate the network. Spear phishing and social engineering are also deployed to get attackers closer to the targeted systems. Insider threats pose a significant risk to organisations hoping to safeguard their systems against intruders, and they are highly potent from an attacker's perspective, because an insider can directly expose a network to a threat or allow a group to steal sensitive data.

One useful example of how multiple layers of attack can be used to great effect is Stuxnet, which was first encountered ten years ago. An employee inside an Iranian nuclear power site inserted a USB stick carrying the Stuxnet worm, either knowingly or unknowingly, into an air-gapped system. Exploiting multiple zero-day vulnerabilities, the malware searched for the specific software controlling centrifuges and commanded them to spin dangerously fast and then slow, for a period of months, without being detected. These centrifuges eventually broke and more than 1,000 machines were rendered useless.

The attack was never officially attributed to any known party, although this cyber weapon is thought to have been created jointly by the US and Israeli military. While neither nation has denied the charge, it's also alleged that Stuxnet was played as part of a showreel at the retirement party of the head of the Israeli Defence Force (IDF).

However, cyber warfare can also take a more subtle form. In April 2021, MI5 issued a warning about foreign agents using LinkedIn to steal information, with more than 10,000 British nationals, including government employees, having been approached by fake LinkedIn profiles associated with hostile states. Public sector workers aren’t the only targets, however: in July, MI5’s director general warned that businesses engaged in export, scientific research, and the high-tech sector should also be aware of the risk of falling victim to cyber espionage. These attacks prompted the Centre for the Protection of National Infrastructure (CPNI) to launch the Think Before You Link campaign, which warns people against accepting messages or connection requests from unknown accounts.

Other examples of cyber warfare


While Stuxnet is one of the best examples of cyber warfare in action, there are other significant events that can be attributed to state-level attacks.

The most recent, and perhaps most prominent, example is Russian aggression towards Ukraine, which has included a sophisticated hacking element. This includes the NotPetya malware attack, which masqueraded as typical ransomware but was in fact designed to destroy the systems it infected, and the BlackEnergy attack in 2015, which cut the power to 700,000 homes across Ukraine.

The UK, US, and EU have all blamed Russia for cyber attacks on Ukrainian infrastructure in the early stages of the war, after a lengthy attribution process. These included attacks on Ukrainian government websites on 13 January 2022, which involved the deployment of the WhisperGate destructive malware, as well as a 24 February attack on the global communications company Viasat, which was attributed to Russia's military intelligence service (GRU).

Another nation that has been fairly active in the cyber warfare space is North Korea. Researchers have linked the country to the hacking organisation Lazarus Group, which was behind the 2014 Sony hack as well as the 2016 attack on a Bangladeshi bank.

In September 2022, the US government even managed to confiscate $30 million worth of cryptocurrency from the threat group. Lazarus had originally managed to steal the money from the token-based play-to-earn game Axie Infinity earlier in the year. This was reportedly the first time that cryptocurrency stolen by a North Korean hacking group had been seized.

During the pandemic, threat actors were also mobilising, focusing their efforts on public health providers and research facilities. This sector became a tempting target for state-sponsored cyber criminals given how important healthcare and medical research became during the pandemic.

For example, the US Cybersecurity and Infrastructure Security Agency (CISA) and UK’s National Cyber Security Centre (NCSC) told organisations to be wary of password spraying attacks from state-backed hacking groups. The groups were reportedly focusing their efforts on pharmaceutical companies or healthcare bodies.
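The advisory above concerns password spraying, where one source tries a few common passwords against many accounts rather than many passwords against one. As an added illustration of the check a defender would run (not code from the article or from either agency), the following scans constructed sample authentication log lines for that pattern; the log format, field names and thresholds are assumptions.

```python
"""Flag password-spraying patterns in authentication logs (added example)."""
from collections import defaultdict

# Constructed sample log lines, not from any real system.
# Format assumed: <timestamp> <source IP> <username> <FAIL|SUCCESS>
SAMPLE_LOG = """\
2020-05-05T09:00:01Z 203.0.113.7 alice FAIL
2020-05-05T09:00:03Z 203.0.113.7 bob FAIL
2020-05-05T09:00:05Z 203.0.113.7 carol FAIL
2020-05-05T09:00:07Z 203.0.113.7 dave FAIL
2020-05-05T09:00:09Z 203.0.113.7 erin FAIL
2020-05-05T09:00:11Z 203.0.113.7 frank SUCCESS
2020-05-05T09:01:00Z 198.51.100.4 alice FAIL
2020-05-05T09:01:02Z 198.51.100.4 alice FAIL
2020-05-05T09:01:04Z 198.51.100.4 alice FAIL
2020-05-05T09:01:06Z 198.51.100.4 alice FAIL
2020-05-05T09:01:08Z 198.51.100.4 alice FAIL
2020-05-05T09:05:00Z 192.0.2.9 bob SUCCESS
"""


def parse_log(text):
    """Return a list of (timestamp, source, user, succeeded) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, user, result = line.split()
        events.append((ts, src, user, result == "SUCCESS"))
    return events


def find_spraying(events, min_accounts=5, max_per_account=2):
    """Flag sources that fail against many distinct accounts, each tried only a few times.

    Repeated failures against a single account (classic brute force) are deliberately
    not flagged here; spraying is low-and-slow per account but wide across accounts.
    Returns {source: {"accounts": n, "compromised": [users that succeeded from that source]}}.
    """
    fails = defaultdict(lambda: defaultdict(int))  # source -> user -> failure count
    successes = defaultdict(set)                   # source -> users that logged in
    for _, src, user, ok in events:
        if ok:
            successes[src].add(user)
        else:
            fails[src][user] += 1
    findings = {}
    for src, per_user in fails.items():
        if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
            findings[src] = {"accounts": len(per_user), "compromised": sorted(successes[src])}
    return findings
```

In the sample, 203.0.113.7 is flagged (five accounts, one failure each, then a successful login as frank, which is the account to reset first), while 198.51.100.4 is not, because its five failures are all against one account.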

Even though the advisory the cyber security agencies published didn’t specifically name any threat actors, Microsoft discovered months later that healthcare companies carrying out vaccine research were being targeted by Russian and North Korean state-sponsored hackers. The groups launching the attacks were called Cerium, Zinc, and Strontium, and they targeted seven organisations, including a clinical research organisation.

Although ransomware attacks on healthcare providers date back to long before the pandemic, the last year has magnified them, proving that no target is off-limits for cyber criminals. Attacks on key infrastructure may severely impact the functioning of a state, but attacking hospitals can lead to much more than financial loss. One example was the March 2020 attack on one of the largest coronavirus testing facilities in Czechia, which was forced to temporarily cancel surgeries and transfer new patients to other facilities after it became a target of cyber criminals. In the two days after the attack took place, the number of confirmed coronavirus cases in the country more than doubled to 298.

Cyber attacks and hybrid warfare

Increasingly, cyber attacks are being seen as one aspect of what's known as hybrid warfare. As explained by The Conversation, the term hybrid warfare is ill-defined and has changed in meaning over the ten years or so since it came into use. Increasingly, however, it's used to describe the combination of the cyber warfare practices laid out here with efforts to disrupt democratic processes.

For example, in the run-up to an election, "Group A" may engage in efforts to alter sentiment through channels like social media while simultaneously targeting the websites of its main competitors, "Group B" and "Group C", with DDoS attacks or cyber vandalism.

Often, it won't be Group A itself that engages in these activities; instead, it will outsource them to companies that specialise in spreading disinformation and to hackers for hire. This makes the activity more difficult to trace back to its originator.

This is a tactic also seen in state-sponsored cyber attacks, where countries claim an attack originates from "patriotic hackers" acting on their own terms without any persuasion or reward from the state.

Indeed, when it comes to nation-states, we can see another aspect of hybrid cyber warfare when cyber attacks are carried out alongside "kinetic attacks", which is to say traditional warfare tactics such as bombing. This is similar to how, in the past, saboteurs would target critical infrastructure ahead of an invasion, only now the attacks can happen remotely.

However, the presence of cyber warfare doesn’t rule out armed conflict in the “real” world. President Joe Biden recently warned that the US could end up in a “shooting war” with a major power as a result of a cyber attack. During a visit to the Office of the Director of National Intelligence in late July 2021, Biden said that he believes that if the US gets involved in “a real shooting war with a major power, it’s going to be as a consequence of a cyber breach of great consequence”. He also went on to describe Russian president Vladimir Putin as “dangerous”, with Russia having previously been accused of being behind last year’s SolarWinds cyber attack, which saw hackers infiltrate the networks of hundreds of companies as well as nine US government agencies.

This was denied by the head of the Russian Foreign Intelligence Service (SVR), who told the BBC that he is "flattered" by the accusations from US and UK authorities, yet added that he could not "claim the creative achievements of others as his own". Nevertheless, the US responded by imposing trade restrictions on four Russian IT firms as well as two other entities over “aggressive and harmful” activities.

False flags

The only cyber weapon that is perhaps even more dangerous and disruptive than the zero-day is the false flag. We know, for example, that the attack on a US military database by the so-called 'Cyber Caliphate', which claimed to be affiliated with ISIS, was a false flag operation by the Russian state-sponsored hacking group APT28. Why does this matter? Because the US retaliated with kinetic attacks on cyber communication channels and drone strikes against human targets in Syria.

Jane McCallion
Deputy Editor

Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.