Getting bored of cyberwar : exploring the role of low-level cybercrime actors in the Russia-Ukraine conflict

Vu, Anh V. and Thomas, Daniel R. and Collier, Ben and Hutchings, Alice and Clayton, Richard and Anderson, Ross; (2024) Getting bored of cyberwar : exploring the role of low-level cybercrime actors in the Russia-Ukraine conflict. In: WWW '24: Proceedings of the ACM on Web Conference 2024. ACM, Singapore, 1596–1607. ISBN 9798400701719 (https://doi.org/10.1145/3589334.3645401)

[thumbnail of Vu-etal-ACM-2024-Getting-bored-of-cyberwar-exploring-the-role-of-low-level-cybercrime-actors]
Preview
Text. Filename: Vu-etal-ACM-2024-Getting-bored-of-cyberwar-exploring-the-role-of-low-level-cybercrime-actors.pdf
Final Published Version
License: Creative Commons Attribution 4.0 logo

Download (1MB)| Preview

Abstract

There has been substantial commentary on the role of cyberattacks carried out by low-level cybercrime actors in the Russia-Ukraine conflict. We analyse 358k website defacement attacks, 1.7M UDP amplification DDoS attacks, 1764 posts made by 372 users on Hack Forums mentioning the two countries, and 441 Telegram announcements (with 58k replies) of a volunteer hacking group for two months before and four months after the invasion. We find the conflict briefly but notably caught the attention of low-level cybercrime actors, with significant increases in online discussion and both types of attacks targeting Russia and Ukraine. However, there was little evidence of high-profile actions; the role of these players in the ongoing hybrid warfare is minor, and they should be separated from persistent and motivated 'hacktivists' in state-sponsored operations. Their involvement in the conflict appears to have been short-lived and fleeting, with a clear loss of interest in discussing the situation and carrying out both website defacement and DDoS attacks against either Russia or Ukraine after just a few weeks.