Predator Sparrow and other triggerless weapons in hybrid warfare: cheap, fast, undetectable and effective

Hybrid warfare is a new term for a strategy as old as military conflict. It refers to the combination of conventional force with any other means, such as insurgency, migration, terrorism, propaganda or the restriction of basic resources. Information technology has added a complex and difficult element: cyberwarfare. Google's Threat Analysis Group (TAG) has produced a report, consistent with similar work from S21sec and Kaspersky, on its use in the two most recent conflicts. It found that, although the weapons are the same, the strategies in the wars in Gaza and Ukraine show substantial differences in timing, actors, intensity and objectives, and that, far from being limited to war zones, these operations extend across the entire planet with groups like Predator Sparrow (Gonjeshke Darande in Persian).

The Art of War, the work attributed to the Chinese strategist Sun Tzu around 2,500 years ago, already referred to combining resources other than force, asserting that “subduing the enemy without fighting is the pinnacle of skill”. He was already writing about the importance of information and deception, two fundamental aspects of cyberwar. Both are present in the conflicts in Gaza and Ukraine, but with different patterns, according to Google’s analysis, which coincides with that of other network security firms.

The invasion of Ukraine was preceded by a sharp increase in threats and cyberattacks against Kyiv intended to weaken its defense capabilities. By contrast, before the Hamas incursion of October 7, which resulted in 1,200 dead and 240 hostages in a single day, these online actions maintained their usual intensity. “The operational security risks of a cyber operation outweighed the potential benefits, which is why we did not see anything comparable to Ukraine, where, in the days and weeks leading up to the invasion, a dramatic increase in activity was noted,” explains Sandra Joyce, vice-president of Mandiant Intelligence. In other words, for Hamas, an increase in attacks on the Web could have drawn attention to the operation and would not have brought benefits.

With both fronts open, cyberwar has become another weapon. While Russia maintains its online activity in all domains and coordinates its cyberattacks with missile launches, in the Gaza war cyberwarfare focuses more on information gathering, disruption of essential services, and the deployment of all types of propaganda.

In both cases, information technologies have demonstrated unique characteristics: cyber capabilities can be deployed quickly and inexpensively, which is why they have become a prime resource. These tools make it possible to gather information or disseminate propaganda quickly and to disrupt daily life while remaining below the threshold of direct military action. “Quick as the wind, silent as the forest, swift and devastating as fire, still as a mountain,” Sun Tzu wrote of the qualities of an attacker in The Art of War.

“These actors,” comments Joyce, “have historically relied on simple but very effective tools, techniques and procedures. But there are signs of evolution and potentially more advanced capabilities have been developed, such as quite sophisticated social engineering to target programming engineers based in Israel.”

John Hultquist, chief analyst at Mandiant, adds that some strategies are no longer aimed at gradually infecting a system but at interrupting its functionality without leaving a trace, as happened during an intentional power outage across an entire region of Ukraine: “The advantage is that you do not introduce malware that is signed and can be searched and identified. Essentially it acts as a system administrator and is really hard to find.”

The actors also differ. In the war in Ukraine, Russia is using its own forces, both in conventional warfare and in information warfare, although Kyiv has denounced China’s support. In Gaza, however, the main actor is located outside the territory in conflict: Iran actively participated in 80% of the attacks against Israel and allied countries, according to Google data. The company’s analysts detected attacks on individuals and critical services, such as water distribution systems, as well as the use of sophisticated social engineering to gain control of critical elements from those responsible for them. Cell phones, missile attack warning systems and service pages such as those of the police or hospitals have also been compromised to sow confusion and terror among the population. For its part, Iran attributes to Israel the activity of the Predator Sparrow group which, among other actions, disabled gas stations in this Persian Gulf country.

This model of warfare knows no borders. As the conflict continues, the possibility of broader regional instability increases. Critical infrastructure in the United States and Europe has been the target of cyberattacks, joined by Lebanon and Yemen. “They are global players and that means what happens here (in the conflict territory) has implications around the world,” says Shane Huntley, director of Google’s TAG, who points to upcoming electoral processes or events of international importance, such as the Olympic Games, as targets.

Other reports

Google’s results are consistent with reports from other network security firms, such as S21sec, part of the Thales group. This company’s Threat Landscape Report highlights the proliferation of online activists carrying out denial-of-service (DDoS) attacks, attacks on the integrity of websites, data leaks, infiltration of systems, deployment of ransomware (computer kidnappings) and participation in espionage.

Their activity, according to the investigation, was carried out through channels such as Telegram and Dark Web forums (sites that are not indexed and are accessible only via specialized browsers) such as BreachForums, Dread Forum, Cracked, Nulled and Leakbase. A quarter of the actors support Israel while the rest favor Palestine.

“The majority of these threat groups are ideologically or religiously motivated, selectively attacking both Israeli and Palestinian entities, as well as others located in countries unrelated to the conflict, including America, Europe, Asia and Africa,” said Sonia Fernández, head of the S21sec Threat Intelligence team.

Experts from cybersecurity company Kaspersky agree that so-called geopolitically driven hacktivism will intensify and contribute to a more complex and demanding threat landscape. “Ransomware is still a big problem and hackers are getting better and better at attacking large, profitable companies with more advanced methods; hacktivists motivated by social issues are also increasingly active, generating an increase in potential threats; and the transportation and logistics sector is particularly vulnerable to these changes due to its increasingly digital systems. This combination of cybercrime and traditional crime poses a serious threat to global supply chains,” said Evgeny Goncharov, head of Kaspersky ICS CERT.
