The Limited Times


Predator Sparrow and other triggerless weapons of hybrid wars: cheap, fast, undetectable and effective

2024-02-14T05:10:31.083Z

Highlights: Security companies warn of the increase in cyber attacks with different strategies, actors, intensities and objectives. Google's Threat Analysis teams have completed a report on the use of cyberwar in the two most recent conflicts. In the Gaza war, cyberwar focuses more on collecting information, disrupting essential services and deploying all types of propaganda. In the Ukraine war, Russia uses its own force, both in conventional and information warfare, although Kyiv has denounced China's support. However, in Gaza, the main actor is outside the territory in conflict: Iran.


Security companies warn of the increase in cyber attacks with different strategies, actors, intensities and objectives


A Ukrainian soldier consults a computer on the outskirts of Donetsk, on February 10. SOPA Images (SOPA Images/LightRocket via Gett)

Hybrid warfare is a novel term for a strategy as old as military conflicts.

It refers to the combination of conventional force with any other means, such as insurgency, migration, terrorism, propaganda or the limitation of basic resources.

Information technologies have added one more complex and challenging element: cyberwar.

Google's Threat Analysis (TAG) teams have completed a report, coinciding with other similar works by S21sec or Kaspersky, on its use in the two most recent conflicts. They have found that, even though the weapons are the same, the strategies in the wars in Gaza and Ukraine show substantial differences in the timing, the actors, the intensity and the objectives, which, far from being limited to war scenarios, expand throughout the planet with groups such as Predator Sparrow (Gonjeshke Darande in Persian).

The Art of War, the work attributed to the Chinese strategist Sun Tzu about 2,500 years ago, already referred to the combination of resources other than force to affirm that “subduing the enemy without fighting is the apogee of skill.”

The military man was already talking about the importance of information and deception, two fundamental aspects of cyberwar.

Both are present in the conflicts in Gaza and Ukraine, but with different models, according to Google's analysis, which coincides with that of other security entities on the network.


The invasion of Ukraine was preceded by a large increase in threats and cyber attacks against Kyiv in order to weaken its defense capabilities beforehand.

In contrast, before the Hamas incursion on October 7, which resulted in 1,200 dead and 240 hostages in a single day, these online actions maintained their usual intensity.

“The operational security risks of a cyber operation outweighed the potential benefit, so we did not see something like in Ukraine, where, in the days and weeks before the invasion, a huge increase in activity was seen,” explains Sandra Joyce, vice president of Mandiant Intelligence.

That is, for Hamas, an increase in online attacks could have drawn attention to the operation and would not have provided benefits.

With both fronts open, cyberwar has become another weapon.

While Russia maintains its online activity in all areas and coordinates cyberattacks with missile launches, in the Gaza war, cyberwar focuses more on collecting information, disrupting essential services and deploying all types of propaganda.

In both cases, information technologies have demonstrated unique characteristics: cyber capabilities can be deployed quickly at minimal cost, which is why they have become a primary resource.

These tools provide the ability to gather information or spread propaganda quickly and disrupt everyday life while remaining below the level of direct military action.

“Swift as the wind, silent as the forest, swift and devastating as fire, motionless as a mountain,” Sun Tzu wrote about the qualities of an attacker in The Art of War.

“These actors,” Joyce comments, “have historically relied on simple but very effective tools, techniques and procedures. But there are signs of evolution and, potentially, some more advanced capabilities have been developed, such as quite elaborate social engineering to attack Israel-based programming engineers.”

John Hultquist, chief analyst at Mandiant, adds that some strategies are no longer aimed at the progressive infection of a system but at the interruption of its functionalities without leaving a trace, as happened during an intentional blackout in an entire region of Ukraine: “The advantage is that you are not introducing malware [malicious program] that is signed and can be searched and identified. Essentially, it is acting as a system administrator and is really difficult to find.”

The actors also differ.

In the Ukraine war, Russia uses its own force, both in conventional and information warfare, although Kyiv has denounced China's support.

However, in Gaza, the main actor is outside the territory in conflict: Iran has actively participated in 80% of the attacks against Israel and allied countries, according to Google data.

The company's analysts have detected individual attacks and attacks on essential services, such as water distribution systems, as well as the use of sophisticated social engineering to take control of critical elements through the people responsible for them.

Mobile phones and missile attack warning systems or service pages such as those of the police or hospitals have also been infected to sow confusion and terror in the population.

For its part, Iran attributes to Israel the activity of the Predator Sparrow group that, among other actions, disabled the Persian Gulf country's gas stations.

This model of war knows no borders.

As the conflict continues, the possibility of broader regional instability increases.

Critical infrastructures in the United States and Europe have been targets of cyberattacks, and Lebanon and Yemen have joined them.

“They are global actors and that means that what is happening here [the territory in conflict] has implications in the world,” says Shane Huntley, director of Google's TAG, who points to upcoming electoral processes or events of international relevance, such as the Olympic Games, as targets.

Other reports

Google's results coincide with reports from other network security entities, such as S21sec, from Thales Group.

This company's Threat Landscape Report points to the proliferation of network activists carrying out distributed denial-of-service (DDoS) attacks, attacks on the integrity of websites, data leaks, infiltration of systems, the deployment of ransomware (computer hijackings) and participation in espionage.

Their activity, according to the investigation, has been deployed through channels such as Telegram and Dark Web forums (sites that are not indexed and can only be accessed through specialized browsers) such as BreachForums, Dread Forum, Cracked, Nulled and Leakbase.

A quarter of the actors support Israel while the rest intend to favor Palestine.

“The majority of these threat groups are ideologically or religiously motivated, selectively attacking both Israeli and Palestinian entities, as well as others located in countries not related to the conflict, including America, Europe, Asia and Africa,” says Sonia Fernández, Head of the S21sec Threat Intelligence team.

Experts at the cybersecurity company Kaspersky agree that what is known as geopolitically motivated hacktivism will intensify and contribute to a more complex and challenging threat landscape.

Ransomware is still a big problem and hackers are getting better at attacking large, profitable companies with more advanced methods; hacktivists motivated by social issues are also increasingly active, generating an increase in potential threats; and the transportation and logistics sector is especially vulnerable to these changes due to its increasingly digital systems.

“This combination of cybercrime and traditional crime constitutes a serious threat to global supply chains,” said Evgeny Goncharov, Head of Kaspersky ICS CERT.


Source: elparis
