Daniel Moore
Feb 28 · 15 tweets · 2 min read
Some thoughts on offensive cyber ops (OCOs) & influence campaigns in the context of Ukraine. Both potential and reality.
(1) Influence campaigns - while not technically offensive cyber - are essential to this conflict. A sustained projected image of resilience did a lot to galvanize global response towards Ukraine. There are tectonic shifts in geopolitics.
(2) That Russia did not (a) cripple Ukrainian internet access and (b) dominate the wartime narrative was a massive strategic error. Public perception in conflict is an accelerant to intervention and countermeasures. Confidence comes from compelling narrative.
(3) I often make the distinction between two types of offensive cyber ops: event-based (immediate, usually tactical, also usable from the field) and presence-based (often first intel ops, intentional lateral movement, usually run in the rear). Russia has potential for both.
(4) Considering the origin of most Ukrainian hardware, Russia should be able to use event-based cyber alongside or directly as part of their electronic warfare platforms. It is difficult to see evidence of this even if it is happening; that's not easily discernible to OSINT watchers.
(5) Considering the invasion was extensively planned and the Russian history of targeting Ukrainian networks, it would have helped them to preposition for strategic presence-based ops to facilitate initial success in suppressing Ukraine.
(6) Maybe strategic OCOs were not prioritized (miscalculation), maybe they were detected (opsec errors), or maybe their effects failed/under-delivered (operational errors).
(7) We're also seeing a lot of opportunistic attacks, both presence-based (e.g. compromising RU news sites, infra, gov websites) and event-based (e.g. DDoS). Those are not likely to make a massive difference on their own considering they were initiated mid-conflict.
(8) That's not to say they don't matter. They introduce adversarial noise and increase perception of the sassy defenders punching above their weight and rallying support. So they serve the broader influence campaign even if they mostly don't matter militarily.
(9) If a target happens to be vulnerable and actionable even within a compressed wartime timeline, an attacker may even create a meaningful effect. This is particularly true of internet-connected aging or underresourced critical infra. Also, not all critical infra is ICS.
(10) We haven't seen thus far what OCOs could do if wielded intentionally, with strategic forethought, as part of a combined arms approach. It's possible, even if not on display here.
(11) It is also entirely possible, considering the medium, that there are many aspects we do not have visibility into. Perspective bias colors our analysis, and our view is heavily skewed by what official reports, news coverage, and civilians are able to show us.
(12) Let's not read too much into what Russia vs Ukraine means about the landscape of possible offensive cyber ops.
(13) Let's not read too little into what Russia vs Ukraine means about how cyber blends into an influence campaign and the role of crowdsourced ops. Also, draw too many undisciplined civilians into the mix and the risk of collateral increases as well.
(14) We're not remotely done, so everything in this thread is "as of now".
