(Left to right) Spc. Ashley Lethrud-Adams, PFC Kleeman Avery, and Sgt. Alexander Lecea, cyberspace operations specialists with the Expeditionary Cyber Support Detachment, 782nd Military Intelligence Battalion (Cyber), provide support to the 1st Cavalry Division at the National Training Center.
Public Domain

By Joseph Mazur

Although cyberspace connects people globally, facilitating productivity through remote work, it has also fostered a range of malicious activities. Some disturbing actions are controllable. Others, such as government cyberwars, run counter to the principles of cybersecurity. What happens when governments wage cyberwar against their enemies to disrupt services, transportation, communication, water, power, rail, and air flight networks?

They could derail passenger trains, or even more dangerous, derail trains loaded with lethal chemicals. They could contaminate the water supply in major cities or shut down the power grid across large parts of the country.[1]

– Leon Panetta, former US defense secretary

A fictional cyberwar plot in Zero Day, a television political thriller series, begins with a massive cyberattack causing telecommunications breakdowns that result in planes and trains crashing and energy systems failing. The massive failure kills thousands and injures huge numbers of innocent people in the United States. As after watching many other films (The Matrix, Independence Day, or Leave The World Behind), one wonders if such catastrophes could happen at those overwhelming levels of massive outages or disruptions of power grids, water systems, healthcare, or financial services. Could they? If they could, it would not be a fictional Zero Day disaster, but rather a material life-paralyzing cyberattack that cybersecurity experts call The Big One, because recovery will be daunting. [2]

In mid-July, approximately 8,000 SharePoint servers in the United States and Germany, which utilize centralized platforms for collaboration and document management, were targeted in an attack. Major industrial firms, banks, healthcare companies, and U.S. state-level and international governments were affected. Fortunately, it wasn’t The Big One, though it was dubbed a Zero Day attack because of the vastness of its reach. It was not an attack on satellites, but rather one on internal networks not jointly shared with networks involving critical communications and transportation digital facilities.[3] However, that attack, suspected to be from a single hacker or small espionage group of hackers, uncovers digital weaknesses that permit backdoor penetration of systems that could be more central to national security.

Cyberspace is an almost impregnable galaxy with hardly any laws that can touch crimes ranging from stealth mischief to loss of life. Between the two extremes, a relatively broad spectrum of crimes plays out in that universe. For over 42 years it has changed life constructively and harmfully, the former with an enormous advantage over the latter. As a tool, it has advanced research at every level, provided enhanced communication, and holds vast volumes of information.

But what defines a cyberwar? My colleagues and experts tell me that the word “cyberwar” is too new to express an absolute. They disagree among themselves about the legitimacy of joining or hyphenating the word “cyber” with “war.” The word has become popular in the media as an overall acceptance of online usage. Almost all words with a semblance of tangible actions are acceptable to virtual acts. We now have an abundant vocabulary of cyber-words ending with cafes, bullies, casts, spaces, and even sexes. That’s just picking a few, and as you read, you will encounter many more. A dictionary definition tells us nothing about the deep meaning of the word. In my search for its etymology, the closest I could get is a surprisingly stretched connection to the Greek word κυβερνάω (Kybernao), which means a “steersman” or “helmsman.” Jason Blessing and Richard J. Harknett, at the University of Cincinnati Center for Cyber Policy and Strategy, say that the etymology is related to “the relationship between communication and automatic control systems of both machines and humans.” [4]

The definition of cyberspace, another of those cyber-somewhat compound words, varies. The International Telecommunications Union (ITU) defines it as “the physical and non-physical terrain created by and/or composed of some or all of the following: computer systems, networks and their computer programs, computer data, content data, traffic data, and users.” The U.S. military defines it as “a global domain within the information environment (IE) consisting of the interdependent networks of information technology infrastructures and resident data, including the internet, telecommunications networks, computer systems, and embedded processors and controllers.” [5] No matter how a “cyber” term is defined, it encompasses a battlefield of intelligence network systems, focused on activities surrounding digital infrastructures and control of data.

Cyberspace: a domain harbor for eight kinds of warfare

  1. Espionage (limited to gathering information): The difference between espionage and intelligence is that the former involves stealing information clandestinely under cover. The latter applies to collecting information by members of an armed force in uniform. Espionage is a slippery category; Russia outsources its cyber-espionage operations to criminal groups to covertly target Ukraine’s defense infrastructure.
  2. Criminal retaliation with acts of violence: This type of cyberwarfare is emotional and psychological cyberbullying that potentially leads to mental health issues and, in extreme cases, to suicide. In retaliation, the victims become the perpetrators.
  3. Acts of fraud: Individuals, groups of confidence tricksters, or cybercrime syndicates exploit vulnerable victims or phish for material (social security numbers, bank account numbers, etc.), collecting data by fraudulent means for financial gain. Advertising firms know the average for when a con artist reaches a mark: “strike eleven times to get a hit.”
  4. Propaganda: Countries use propaganda mostly for their purposes. All covert propaganda operations create disinformation, aided by artificial intelligence spreading through social media by altering an event to influence public opinion.
  5. Political: Nation-states traditionally focus on intelligence operations that tend to escalate from data searching to destructive attacks of division to accumulate a supportive voting pool.
  6. Mischievous attacks of functionality: Cyberactions causing disruptions of inconvenience and annoyance. In this category, there are no intentions of stealing money or manipulating data; rather, it is for testing a hacker’s digital cleverness.
  7. Government destruction: Combat cyber operations by established governments are generally defensive; however, there are indications of growing offensive state-sponsored cyber disinformation operations, controls over enemy infrastructures, and sabotage.
  8. Ransoms: Threatening demands of payment to fix code after attacks on businesses, unprotected individuals, financial services, and government agencies. 
Attack agents are anonymous, with mobility that permits them to continue attacking at the speed of light without identification. Hackers come and go in a wink.

The everyday notion of the word “cyberwar” extends to some ethereal realm in the universe that enables feedback loops of information passing through multiple pathways. When those pathways are injected with a contradictory information system, it gets jammed in a multi-way battle over factualness, much like short-circuiting a power grid, though not with copper wires. When one country relies on an interconnected technology infrastructure while another attempts to mess with it to disrupt it for offensive purposes, hired saboteurs could “hack” into the system to bring it down by sending contradictory signals. Is that a war? Perhaps we need to redefine the word to “cyber-concern” or even “cyberthreat”, for it is a complex concern for national security. [6] Hackers could be anyone with a vendetta or someone having fun with what can be achieved by cracking a code. In most cases, they impersonate other hackers, states, or agencies. “In warfare in a kinetic battlefield, it is usually clear who started, who attacked, and what space was conquered; none of this applies in cyberwar.” [7] Yet, “one of the great under-recognized stories of what’s happened in the US-China relationship over the past two or three years”, wrote David E. Sanger, a national security correspondent for the New York Times, “is the extent and the sophistication of the cyber activity that has so shaken American policy makers.” [8]

When it comes to enemy countries, hacking is different. Attackers might intend to hack national databases, perhaps the financial system to bring down a country’s economy, or to spread government disinformation to confuse the body politic. As William James Lynn III, a former United States Deputy Secretary of Defense, quipped in 2011, “a couple dozen talented programmers wearing flip-flops and drinking Red Bull can do a lot of damage.” [9] Russia, with its years of spreading disinformation, propaganda, and cyberattacks, has a high score of cyber talent and an army of hackers within its security and intelligence agencies. [10] Let’s not just blame Russia. North Korea and Iran have their own armies of hackers who are quite capable of conducting global espionage from their desks. The U.S., U.K., China, and Israel have their cyber-offensive outfits.

Military hacking information systems.

China, Russia, Iran, North Korea, and other autocratic states with revisionist intent are aggressively using advanced cyber capabilities to pursue objectives that run counter to our interests and broadly accepted international norms. Their reckless disregard for the rule of law and human rights in cyberspace is threatening U.S. national security and economic prosperity.

The White House, National Cybersecurity Strategy 2023 [11]

On April 1, 2015, President Barack Obama signed Executive Order 13694, blocking the entry into the United States of suspicious cybercriminal individuals, and seizing the property of individuals and entities involved in malicious cyber-enabled activities from outside the United States. [12] Obama ordered sanctions targeting individuals and groups responsible for cyber-attacks threatening U.S. national security and foreign policy. Ten years later, after several amendments and executive orders under President Joe Biden, Donald Trump signed Executive Order 14144, designed to counter the increasing pervasiveness of cyber-threats from foreign actors and governments. [13]

Foreign nations and criminals continue to conduct cyber campaigns targeting the United States and Americans. The People’s Republic of China presents the most active and persistent cyber threat to United States Government, private sector, and critical infrastructure networks, but significant threats also emanate from Russia, Iran, North Korea, and others who undermine United States cybersecurity. I am ordering additional actions to improve our Nation’s cybersecurity, focusing on defending our digital infrastructure, securing the services and capabilities most vital to the digital domain, and building our capability to address key threats. [14]

– Donald Trump, Executive Order 14144.

Now we have a new compound “cyber” word, “cyber campaign.” What does that mean? Are those so-called campaigns uniquely targeting the United States, or are there many states targeting multiple nations in feedback loops that cycle revenge? Russia targets Ukraine with outsourced cybercriminal groups. And there are plenty of nation-states using cybercriminals to conduct financially motivated groups for their operations. And, ever since the Hamas October 7th attack, Iran continues its attempts to disrupt critical services of Israel. Unfortunately, For a start, the 2024 Convention on Cybercrime aimed to prevent and combat cybercrime and strengthen international cooperation to prevent and combat those crimes. [15] As they proliferate, the UN, a recognizably slow-moving body, will be forced to establish international cyber-laws, otherwise the next phase could bring on a cyber-world-war catastrophe.

The UN has no comprehensive laws controlling cyberwarfare, but it is attempting to gather international cooperation to control digital cybercrime threats.

Not all cyber-problems are political. Every advanced country encounters online criminal behavior, and the new mobsters no longer deal on the street. Therefore, we should distinguish between international political cyberattacks, homegrown cyberterrorism, and inescapable criminal swindles, which now account for almost 90 percent of all cyberattacks. Less than 6 percent of all cyberattacks are related to breaching national security. So, should we worry? No matter how you look at it, even with two words not conjoined, the cyberwar of espionage and terror is not yet grave. But for how long?

Studies from a recent International Monetary Fund (IMF) report on the global economy and financial systems claim that as “digital platforms increase we become more exposed to cyberattacks,” and from that, cybercrime will cost the world $23 trillion in 2027. [16] However, the largest concern is strangely not crime against individual companies but rather those against governments. Those are the attacks that not only cause infrastructure destruction, but also the loss of human life by damaging those systems that facilitate living in territories in need of support by network services that keep economies functioning and aid living, i.e., transportation, communication, water, and power supplies that keep the wheels of stability moving. After all, operations in cyberspace are also beneficial for everyone. Advanced states have substantial offensive capabilities while also being exposed to cyberattacks. U.S. and U.K. military information prevents public knowledge of their cyberwar plans but surely, with their enormous military budgets, they are already operative and highly nasty. Deterrents or not, those plans are inevitable escalations that pose unbridled threats to a nation’s worldwide infrastructure and security.

Cyber acts of war

Consider how Russia disrupted Ukrainian military operations at the start of its invasion. A year later, the Pentagon published its Cyber Workforce Strategy with Mark Gorak, the U.S. DoD’s chief director of resources, saying, “To realize the success of these goals and objectives, we will measure and monitor progress on a set battle rhythm.” What could Gorak mean by “battle rhythm,” other than future defense and offense plans?

A dozen years ago, Thomas Rid, Professor of Strategic Studies and founding director of the Alperovitch Institute for Cybersecurity Studies at Johns Hopkins University said, “Cyber-war lacks the essential characteristics to meet the conditions of becoming an act of war; if the use of force in war is not violent, instrumental, and political, then there is no cyber offense that meets all three criteria.” That may have been true, but times have changed; Russia’s political aggression and the new hot wars in Europe and the Middle East have amplified as increased reliance on computers connecting with computers and clever new algorithms are hacked by large groups employed by combative governments.[17]

For me, the middle criterion—instrumental—opens too much to apply; every carried-out event is instrumental when it happens. Thomas Rid tells us that many experts in the field say, “We should head for the hills: the cyber war is not coming. It’s here.”  In the preface of his book Cyber War Will Not Take Place, published in 2013, he writes, “Water will stop flowing, the lights go out, trains derail, banks lose their financial records, the roads descend into chaos, elevators fail, and planes fall out of the sky. Nobody, as this adage has it, is safe from the coming cyber war. Our digital demise is only a matter of time.” [18] His view is debatable by way of an older review coming from the RAND Corporation essay by John Arquilla and David Ronfeldt, claiming the opposite.[19] In a more recent RAND Corporation essay by the same authors, a distinction is drawn between cyberwars and what they term “netwars.” To them, a netwar is, on the one hand, “a networked organizational structure of its practitioners”—with many groups being leaderless—and their quickness in coming together in swarming attacks a conflict waged “by terrorists, criminals, gangs, and ethnic extremists; and by civil-society activists (such as cyber activists or WTO protestors).” [20]

There is a difference between cyberattacks that take down entire systems and netwar attacks that aim for data control. Although both involve manipulating information and communication with continuous determination, the distinction between “netwars” and “cyberwars” is their endgame intentions. One is after the data of individual accounts; the other is to upset the system to cause chaos that challenges a government.[21] Both are controlled by malicious actors grabbing and distorting information using psychological confusion, leading to economic and physical destruction.[22]

Digital warfare presents us with a frightening reality that will impact the future of local and global conflicts, both cybernetic and conventionally physical.

Cyberattacks are not always cyberwars. Conventional wars destroy infrastructure and kill combatants and innocents. Cyberwars are generally not destructive to buildings or lives, at least not yet. With low risks to human life, the more benign elements of cyber-strikes tend to escape intended plans by accidentally replicating and moving through systems to affect unintended targets. A one-hacker-controlled system can cause tremendous damage when that one hacker has not thought through how viruses replicate. Although it is not easy to disrupt critical infrastructure, such as communication networks, power grids, and transportation systems, the probability of significant damage is not zero.

The tools

Terrorists, criminals, militant radicals, and cyber-spies use technologies that rely on several creations of malware such as MarsSnake, a novel tool used by Unsolicited Booker, a China-based group. It’s one of many tools used by spies and criminal organizations. Unsolicited Booker began just two years ago as an international organization in Saudi Arabia that discovered how to use social engineering to navigate through swarms of spear-phishing emails, thereby infiltrating through internal systems and collecting confidential data. Evan Gorelick, writing for the July 21st New York Times newsletter, says, “Since ChatGPT launched in November 2022, phishing attacks have increased more than fortyfold. Deepfakes, which mimic photos, videos, and audio of real people, have surged more than twentyfold.”

Malware evolves quickly at a speed that is hard to counter by counterintelligence. When installed in the system, it gains complete control, allowing it to steal files and execute commands. It is now a manipulation tool for access to government files in Europe, Africa, and Asia. Fortunately, most successful platforms have defensive reversal systems that can work backwards in time to recover through backup systems that can erase the newest code and return the configurations that were in place before the attack. So, restoration is quick for platforms that have continuous backups. For malware to work as spyware or as a cyberattack, it must penetrate the software system, not just a computer or two, but to command and alter the entire system. That is possible, but not an easy task. Now, AI is used to discover and fix platform exposures. Google AI found vulnerable codes ready to be manipulated in billions of computers. [23] With algorithms that can scrutinize millions of network connections per second, it’s likely to catch security breaches and patch loopholes in code.

Purchasing hacking toolsets is relatively easy. You can choose from a variety of malware options—trojan horses with names like Agent Tesla, Lockbit, NanoCore, SocGholish, CoinMiner, or NoEscape—among hundreds of manufacturers or suppliers specializing in specific functions (some of which are open source), such as network vulnerability scanners, password-cracking means, and forensic tools. Nmap and Angry IP Scanner will let you find network configurations. If you are searching for security flaws in systems, Netcat (the “Swiss Army knife” of networking), Nessus, Aircrack-ng, Kismet, or Nikto would be good choices. To simulate a cyberattack, try Metasploit or Cobalt. For password cracking, consider John the Ripper or Hashcat. Many of these tools are perfectly legal and legitimate for cybersecurity purposes. [24] Code for a sophisticated security system is often tens of millions of lines, nothing compared to the number of lines of code needed for significant malware tools that can destroy website infrastructure; for that, we see hundreds of millions of lines.

There are also illegal toolsets considered backdoor malware: malicious software that remotely bypasses security systems, permitting control of infected systems to steal data and to install more malware. As thousands of researchers build new security tools, thousands more are finding platform vulnerabilities. Skilled malicious hacker groups, each called an Advanced Persistent Threat (APT), with names such as Luckymouse, Crimson House, and Outlier, infiltrate Internet networks with ties to national governments (particularly China) willing to risk retaliation for their efforts to change leadership to expand policies favoring their best interests. APTs use tactics and tools often shared through communal sources, such as backdoor trojan horse malware for bypassing authentication to access network systems, and loaders to load infected programs into the central processing unit (CPU), the control center of a computer. All this “to throw cybersecurity off the scent and hide their true intent of cyber-espionage.” [25]

How elite APT groups operate Unsolicited Booker

It’s about persistence and convincing impersonation with malicious code. Warlock, known as “Warlock Dark Army”, is connected to an APT ransomware gang that infects systems, demanding a ransom payment in cryptocurrency to reestablish the system. It targets and threatens businesses, unprotected individuals, financial services, and government agencies. It often uses common infiltration tools and Remote Desktop Protocol (RDP), a proprietary protocol allowing remote access and control from one computer to another over a network to copy confidential information for gaining hostages of ransom payment. As I said, almost all APT groups use similar tools called Digital Portal Masters developed by software companies that own toolsets for legitimate work but that are also used as menacing toolware.   

Top ten industries targeted in 2020
Total annualized cyber crime cost for attack types in US$ millions

The cyberspace battlefield  

David DiMolfetta, who covers cybersecurity for Nextgov/FCW, tells us, “Foreign adversaries are becoming more aggressive than ever before in efforts to target U.S. critical infrastructure.” A week before this publication, at the World Trade Center in New York City, he covered a Global Cyber Innovation Summit on national security threats to critical infrastructure. A panel of former national security officials and leading executives expressed concern over the security needs for infrastructure systems. Robert M. Lee, CEO of Dragos, a member of the panel, said, “It used to be that if you talked about taking down the grid, anybody in electric power would say, ‘There’s not one grid, and you really can’t take down the entire country.’ But then we started having market organizers, automatic metering infrastructure, cloud, [electricity management] systems and we said, ‘Oh, well, actually, maybe.’” [26]

The United States Department of Defense has 11 combatant commands that plan and execute military operations in specific regions of the world. In 2010, U.S. Cyber Command (USCYBERCOM) became one of the top new divisions of the U.S. Department of Defense. To the public, the division is advertised as a security of cyberspace that guards against cybercrimes so that the internet can operate as intended. [27] But Cyber Command is not just about security; it integrates cyber functions of the Army, Air Force, Navy, and Marines, and with each passing year budgets billions of dollars to support massive increases of staff to bolster cyber-defense but also to plan offensive skills claimed as justified deterrence. In addition, the U.S. has four other intelligence departments that scout cybercrimes as well as government snooping: the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA). All four listen for offensive cyber chatter. Jointly, they published a fact sheet on June 30, 2025, Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest, to warn the public that Iranian hacker groups employed by the government of Iran are cyber-threatening the U.S. internet system. [28] It claims that Iranian-affiliated cyber actors target U.S. devices and networks using “system engineering and diagnostic tools to target entities such as engineering and operator devices, performance and security systems, and vendor and third-party maintenance and monitoring systems.” There are no current indications of any coordinated malicious cyber activity against the U.S. from Iran; however, after the recent U.S. bombing of Iran, as history goes, those actors “are likely to significantly increase their attacks.” The U.S. National Terrorism Advisory System warned of a heightened threat of cyber terrorism against U.S. networks. [29]

China, too, has its equivalent command. Russia allegedly used cyberweapons to attack Georgia and Ukraine. The Ukraine attack came from the Cyber Snake program of Russia’s Federal Security Service (FSB), which infiltrates diplomatic communication networks to search and potentially steal military secrets. Cyber Snake is more than a worm; it replicates itself to spread like a virus through a network in search of any vulnerabilities it can use for its malicious purposes.

We have abundant evidence that the Russian state sponsored a cyber-enabled group to distract, disrupt, and skew the 2016 U.S. elections.[30] Further, that group used espionage and application theft to exploit disinformation on social media platforms to continue its malicious activities against the U.S. before branching to other Western countries under a broader, ambitious strategy of strategic competition to “restore its European sphere of influence and erode other countries’ subscription to the Western liberal economic and political order.” [31], [32] They have also created, cultivated, and exploited “useful idiots, fellow travelers” and “agents provocateurs”, trolls and troublemakers, to borrow from the Oxford Internet Institute’s Computational Propaganda Research Project. [33]

Eighteen states had suffered substantial foreign government cyberattacks

It is one thing to spread political propaganda or intentional misinformation, quite another to pry through internet systems to cause human catastrophe. So, that brings in the question of how many states are involved in human catastrophe cyberwar planning. We know that Russia, China, Iran, and North Korea are among those countries that have already cyberattacked other states. Without security clearance, there is no information to spill regarding cyber plans. However, suspicion has it that the U.S., the U.K., and Australia are in on the act with plans for retaliations against first-move cyber-strikes. Many other countries have advanced cyber counterattack capabilities in place. The Chinese People’s Liberation Army (PLA) has a plan that they call “Integrated Network Electronic Warfare”, which can seize control of an enemy’s communications relays to muddle or alter messages. [34]  

And let’s not exclude Israel, a cyber-superpower of network security technology and a thriving net security industry that dwarfs the cyber-skills of all other countries. Its cyber military arm is Unit 8200, an intelligence corps of the IDF responsible for secretly gathering intelligence on military and criminal cyber behavior.

In a state of intermediacy, it would be recognized that the hostile parties could engage in conduct which would not be peaceful and yet would be short of what may now conveniently be called total war.

– Davide Giovannelli, NATO Cooperative Cyber Defense Centre of Excellence.

Can cyberspace be used to wage war?

I asked nine cybersecurity experts with no military security clearances if they believe that the U.S. conducts non-retaliation infrastructure cyberattacks against other countries. Everyone said, in different assorted phrases, I do not know. Searching for evidence of U.S. cyberattacks against other states, I found many, but mostly from government-controlled sources such as China Daily and the Moscow Times. [35] Another question I ask is whether cybersecurity will ever win the hacker battle in cyberspace. Michael Stoyanovich, a cybersecurity technology administrator at The Segal Group, a human resources consulting firm, told me that malicious hacking tools are improving with AI, on one side, ramping up cybercrimes, and on the other, helping legitimate cybersecurity that uses offensive tools to gain defensive results; the latter is losing the cat-and-mouse race. When I asked Stoyanovich, “Will the cat get the mouse?” he answered, “The future is so unpredictable, we don’t know, and AI will make everything more unpredictable. AI is not a magic wand; it is a power tool. Tools are made and managed by humans. A magic wand doesn’t have a reason. There are so many variables to consider when we are using modern software.”

The U.S. has always been reluctant to acknowledge any involvement in offensive, covert cyberattack plans, yet we know that U.S. Cyber Command, a DoD division built to disrupt enemies during armed conflicts, has attacked the Islamic State. In 2016, Ashton Carter, the then Secretary of Defense, said that CYBERCOM was attacking the Islamic State in cyberspace. Peter Singer, Senior Fellow at New America, corroborates that and claims that the admission “marks the first time the United States has acknowledged undertaking offensive cyberattacks.” Rob Knake, the Whitney Shepardson senior fellow at the Council on Foreign Relations, wrote in a 2016 CFR article, “CYBERCOM has transitioned from a predominantly defensive focus to ‘full spectrum’ capabilities, which makes CYBERCOM more potent for military operations. CYBERCOM was designed to have these capabilities, but, with CYBERCOM’s offensive mission now operational, the United States has crossed into uncharted territory in the history of war.” [36]

Take the A-Train

Could an advanced cyberattack take down a train of satellites? I asked Michael Machado, Associate Branch Head / Lead Mission Director, Mission Validation and Operations, NASA Goddard Space Flight Center International Earth Science Constellation (ESC) Mission Operations Manager at NASA’s Goddard Space Flight Center, if it were possible for a foreign state to take down a few satellites in a train constellation with any ease.

The A-Train with Time in 2013 (NASA)
Public Domain

The A-Train (named after the leading satellite, Aura) is an orbit line of several Earth-observing satellites that closely follow one another. [37] Scientists use this train of satellites to study atmospheric phenomena, including cloud formation, aerosols, gases, and much more. Taking it down would affect only future research; it is not one of the critical satellite trains that secure the systems supporting daily life on Earth. “It is possible,” Machado said. “At a ‘Hack-a-Sat’ competition sponsored by the U.S. Space Force and Air Force Research Laboratory, hackers successfully breached a U.S. Air Force satellite in orbit.” The competition is a yearly event where the best hackers in the world are brought together to hack into a guinea pig satellite. The aim is to improve the cybersecurity of Department of Defense satellites by identifying vulnerabilities in space systems.

A Hack-a-Sat competition [38]
Public Domain

We can assume that non-military satellites operate through networks that can be attacked and controlled. To give one example among many, the Wagner Group was responsible for a temporary outage of the Russian Internet provider Dozor-Teleport by using malware against a group of satellite terminals. The question remains: is it possible to take down satellites with connections to water supplies, power grids, or transportation communications? Are we ready to combat a Zero Day takeover?

The author would like to express his sincere gratitude to Sophie Jefferies, a Columbia University graduate student, for fact-checking, research assistance, comments, and constructive feedback.

About the Author

Joseph Mazur is an Emeritus Professor of Mathematics at Emerson College’s Marlboro Institute for Liberal Arts & Interdisciplinary Studies. He is a recipient of fellowships from the Guggenheim, Bogliasco, and Rockefeller Foundations, and the author of eight acclaimed popular nonfiction books. His latest book is The Clock Mirage: Our Myth of Measured Time (Yale).

Follow his World Financial Review column at https://worldfinancialreview.com/category/columns/understanding-war/. More information about him is at https://www.josephmazur.com/

Notes

[1] https://www.marshallfoundation.org/life-legacy/

[2] https://www.the-independent.com/tech/cyber-attacks-big-one-aisuru-botnet-b2755263.html?lid=squ1rvr3fwvz&utm_medium=email&utm_source=braze&utm_campaign=Popular%20in%20Premium%20-%2028-05-25&utm_term=IND_Marketing&empar=bb759ff36f2ff61999abd346c905873915c01036c5a2b4978fb83f6b22e77fde

[3] https://www.reuters.com/sustainability/boards-policy-regulation/microsoft-server-hack-hit-about-100-organizations-researchers-say-2025-07-21/

[4] https://www.artsci.uc.edu/content/dam/refresh/artsandsciences-62/departments/political-science/ccsp/pdf_downloadableflyers/Kybernao_Issue2a.pdf

[5] https://www.doctrine.af.mil/Portals/61/documents/AFDP_3-12/3-12-AFDP-CYBERSPACE-OPS.pdf#:~:text=Cyberspace%20is%20a%20global%20domain%20within%20the,of%20the%20interdependent%20networks%20of%20information%20technology

[6] https://www.researchgate.net/publication/280204557_Cyber_Warfare_A_Misrepresentation_of_the_True_Cyber_Threat#:~:text=Although%20the%20motivation%20of%20cyber,%2Dweapons%20and%20cyber%2Dattacks.&text=Content%20may%20be%20subject%20to%20copyright.&text=the%20development%20and%20implementation%20of,awareness%20about%20the%20cyber%20threat.&text=will%20to%20be%20imposed%20on%20him.&text=forms%20a%20vital%20part%20of%20every%20country’s%20critical%20infrastructure.&text=appreciate%20the%20cyber%20threat%2C%20activities,and%20raise%20awareness%20have%20increased.

[7] https://www.jstor.org/stable/pdf/resrep08940.4.pdf?refreqid=fastly-default%3A0b973e8eecfe45ae9fae7e2ed569e138&ab_segments=&initiator=recommender&acceptTC=1

[8] https://thebulletin.org/premium/2025-07/cyberstorm-on-the-horizon-david-sanger-on-what-two-recent-breaches-reveal-about-modern-warfare/

[9] U.S. Department of Defense, Office of the Assistant Secretary of Defense, “Remarks on Cyber at the RSA Conference,” as delivered by William J. Lynn, III, San Francisco, California, February 15, 2011. https://www.files.ethz.ch/isn/152953/inss%20memorandum_may2012_nr117.pdf (page 19). http://www.defense.gov/speeches/speech.aspx?speechid=1535.

[10] https://www.congress.gov/crs-product/IF11718#:~:text=Media%20reporting%20indicates%20FSB%20units,criminal%20hackers%20and%20the%20FSB.

[11] https://international-review.icrc.org/articles/handling-cyberspaces-state-of-intermediacy-through-existing-international-law-928#footnoteref14_cfiwrqh

[12] https://www.federalregister.gov/documents/2015/04/02/2015-07788/blocking-the-property-of-certain-persons-engaging-in-significant-malicious-cyber-enabled-activities

[13] https://bidenwhitehouse.archives.gov/briefing-room/presidential-actions/2023/03/29/notice-on-the-continuation-of-the-national-emergency-with-respect-to-significant-malicious-cyber-enabled-activities-3/#:~:text=On%20April%201%2C%202015%2C%20by,March%2029%2C%202023.

[14] https://www.whitehouse.gov/presidential-actions/2025/06/sustaining-select-efforts-to-strengthen-the-nations-cybersecurity-and-amending-executive-order-13694-and-executive-order-14144/

[15] https://www.unodc.org/unodc/en/cybercrime/convention/home.html

[16] Khiaonarong, T., K. Korpinen., and E. Islam. (2025). Using Simulations for Cyber Stress Testing Exercises. Working Papers WP/25/85, International Monetary Fund.

[17] Smith, Troy E. “Cyber Warfare: A Misrepresentation of the True Cyber Threat.” American Intelligence Journal 31, no. 1 (2013): 82–5. http://www.jstor.org/stable/26202046.

[18] Thomas Rid, Cyber War Will Not Take Place (New York: Oxford University Press, 2013)

[19] John Arquilla and David Ronfeldt, “Cyberwar is Coming!” Comparative Strategy, Vol 12, No. 2, Spring 1993, pp. 141–65. Copyright 1993 Taylor & Francis, Inc.

[20] Arquilla, John and David Ronfeldt, eds., “Networks and Netwars: The Future of Terror, Crime, and Militancy”. Santa Monica, CA: RAND Corporation, 2001. https://www.rand.org/pubs/monograph_reports/MR1382.html

[21] James J.F. Forest, “Political Warfare and Propaganda an Introduction”, JAMS, Vol. 12, No. 1. https://doi.org/10.21140/mcuj.20211201001

[22] John Arquilla and David Ronfeldt, “The Advent of Netwar (Revisited),” in Networks and Netwars: The Future of Terror, Crime, and Militancy, ed. John Arquilla and David Ronfeldt (Santa Monica, CA: Rand, 2001), 1, https://doi.org/10.7249/MR1382.

[23] https://messaging-custom-newsletters.nytimes.com/dynamic/render?uri=nyt%3A%2F%2Fnewsletter%2F9b5b2bc9-0daf-588a-af1f-bad81602d9ed&sendId=202290&productCode=NN&paid_regi=1&isViewInBrowser=true

[24] Here is the list of security tools: TransferLoader, Skitnet, Defendnot, PureRAT, PureLogs, Snyk, OWASP Dependency-Check, Metasploit, Burp Suite, Brakeman, KaliLinux, Bandit, and Dependency-Track.

[25] https://www.microsoft.com/en-us/security/security-insider/threat-landscape/microsoft-digital-defense-report-2024#:~:text=Nation%2Dstate%20threat%20actors%20are,by%20nation%2Dstate%20threat%20actors.

[26] https://www.nextgov.com/cybersecurity/2025/07/basic-cybersecurity-lapses-are-leaving-us-infrastructure-exposed-top-experts-warn/406971/?oref=ng-homepage-river

[27] https://nsarchive2.gwu.edu/NSAEBB/NSAEBB424/docs/Cyber-029.pdf

[28] https://www.cisa.gov/sites/default/files/2025-06/joint-fact-sheet-Iranian-cyber-actors-may-target-vulnerable-US-networks-and-entities-of-interest-508c-1.pdf

[29] https://www.dhs.gov/ntas/advisory/national-terrorism-advisory-system-bulletin-june-22-2025#:~:text=Summary%20of%20the%20Threat%20to,conduct%20attacks%20against%20US%20networks.

[30] Office of the Director of National Intelligence, (2017, January 06), Background to “Assessing Russian Activities and Intentions in Recent US Elections”: The Analytic Process and Cyber Incident Attribution (Washington D.C.).

[31] https://www.stratcomcoe.org/james-rogers-andriy-tyushka-hacking-west-russias-anti-hegemonic-drive-and-strategic-narrative

[32] https://arxiv.org/abs/1707.07592

[33] Phillip Howard (2017, July 14), Troops, Trolls and Trouble-Makers: A Global Inventory of Organized Social Media manipulation (Oxford, Oxford Internet Institute).

[34] https://global.chinadaily.com.cn/

[35] https://www.themoscowtimes.com/2020/12/24/an-act-of-war-avoiding-a-dangerous-crisis-in-cyberspace-a72430

[36] https://www.cfr.org/blog/send-malware-us-cyber-command-attacks-islamic-state

[37] https://atrain.nasa.gov/taking.php

[38] https://afresearchlab.com/technology/hack-a-sat/