Abstract
There has been substantial commentary on the role of cyberattacks carried out by low-level cybercrime actors in the Russia-Ukraine conflict. We analyse 358k website defacement attacks, 1.7M UDP amplification DDoS attacks, 1764 posts made by 372 users on Hack Forums mentioning the two countries, and 441 Telegram announcements (with 58k replies) of a volunteer hacking group for two months before and four months after the invasion. We find the conflict briefly but notably caught the attention of low-level cybercrime actors, with significant increases in online discussion and both types of attacks targeting Russia and Ukraine. However, there was little evidence of high-profile actions; the role of these players in the ongoing hybrid warfare is minor, and they should be separated from persistent and motivated 'hacktivists' in state-sponsored operations. Their involvement in the conflict appears to have been short-lived and fleeting, with a clear loss of interest in discussing the situation and carrying out both website defacement and DDoS attacks against either Russia or Ukraine after just a few weeks.
Original language | English |
---|---|
Title of host publication | WWW '24: Proceedings of the ACM on Web Conference 2024 |
Pages | 1596–1607 |
Number of pages | 12 |
ISBN (Electronic) | 9798400701719 |
DOIs | |
Publication status | Published - 13 May 2024 |
Event | WWW '24: The ACM Web Conference 2024 - Singapore Duration: 13 May 2024 → 17 May 2024 |
Conference
Conference | WWW '24: The ACM Web Conference 2024 |
---|---|
City | Singapore |
Period | 13/05/24 → 17/05/24 |
Keywords
- Russia-Ukraine conflict
- DDoS attacks
- website defacement attacks
- cybercrime
- cyberwar
- volunteer hacktivists
- IT Army of Ukraine