
Predator Sparrow and other triggerless weapons of hybrid warfare: cheap, fast, undetectable and effective

Security companies warn about the increase in cyber attacks with different strategies, actors, intensity and targets.

Hybrid warfare is a new term for a strategy as old as military conflict. It refers to the combination of conventional power with other methods such as insurgency, migration, terrorism, propaganda or limitation of essential resources. Information technologies have added a complex and challenging element: cyber warfare. Google's Threat Analysis teams (TAG) have completed a report on its use in the two most recent conflicts, which overlaps with other similar studies by S21sec or Kaspersky. It shows that, although the weapons are the same, the strategies of the wars in Gaza and Ukraine differ significantly in time, actors, intensity and objectives, and that, far from being limited to war scenarios, cyber warfare is spreading across the planet with groups like Predator Sparrow (Gonjeshke Darande in Persian).

The Art of War, the work attributed to Chinese strategist Sun Tzu some 2,500 years ago, already touched on the combination of resources other than force, affirming that “suppressing the enemy without fighting is the pinnacle of skill.” The strategist was already talking about the importance of information and deception, the two basic elements of cyber warfare. Both are present in the conflicts in Gaza and Ukraine, but in different patterns, according to Google’s analysis, which aligns with analysis from other network security organizations.

The invasion of Ukraine was preceded by a massive increase in threats and cyber attacks against Kiev, intended to weaken its defensive capabilities in advance. In contrast, before the Hamas attack on October 7, which left 1,200 dead and 240 hostages in one day, these online actions continued at their usual intensity. “The operational security risks of a cyber operation outweighed the potential benefit, so we did not see anything like in Ukraine, which saw a massive increase in activity in the days and weeks before the invasion,” explains Sandra Joyce, vice president of Mandiant Intelligence. In other words, for Hamas, an increase in attacks on the internet could have drawn attention to the operation, and it might not have been beneficial.

With the opening of both fronts, cyber warfare has become another weapon. While Russia maintains its online activity in every field and coordinates cyber attacks with missile launches, cyber warfare in Gaza focuses more on gathering information, disrupting basic services and implementing all kinds of propaganda.

In both cases, information technologies have demonstrated unique characteristics: cyber capabilities can be deployed quickly at minimal cost, so they have become a primary resource. These tools enable the rapid gathering of information or dissemination of propaganda and disrupt daily life while remaining below the level of direct military action. In The Art of War, Sun Tzu wrote about the qualities of an attacker: “As swift as the wind, as silent as the forest, as swift and destructive as fire, as motionless as the mountain.”

Joyce comments: “These actors have historically relied on simple but very effective tools, techniques and procedures. But there are signs of evolution and some more advanced capabilities have been developed, such as quite elaborate social engineering, to potentially attack Israel-based programming engineers.”

John Hultquist, principal analyst at Mandiant, adds that some strategies are now aimed not at gradually infecting a system, but at disrupting its functionality without leaving a trace, as happened during a deliberate blackout across the entire region of Ukraine. The advantage is that no malware (malicious program) is introduced that has a signature and can be searched for and identified. “He essentially acts as a system administrator and is really hard to find.”

The actors are also different. In the Ukraine war, Russia is using its own power in both conventional and information warfare, but Kiev has condemned China’s support. However, in Gaza, the main actor is outside the conflict zone: according to Google data, Iran has actively participated in 80% of attacks against Israel and allied countries. The company’s analysts found that advanced social engineering was used to gain control of critical elements through individual attacks and key services such as water distribution systems, as well as through custodians. Service pages such as mobile phones and missile attack warning systems or those of the police or hospitals were also infected with this virus, creating confusion and terror in society. Iran, for its part, attributes to Israel the activities of the Predator Sparrow group, which, among other actions, disabled the Persian Gulf country’s gas stations.

This model of warfare knows no boundaries. As conflict continues, the likelihood of broader regional instability increases. While critical infrastructures in the USA and Europe were the target of cyber attacks, Lebanon and Yemen also joined them. “They are global actors, and that means what happens here (in the conflict-ridden region) has implications for the world,” says Google’s TAG director, Shane Huntley, who points to upcoming election cycles or events of international significance, such as the Olympic Games, as targets.

Other reports

Google’s results align with reports from other network security organizations such as Thales Group’s S21sec. This company’s Threat Landscape Report includes denial of service (DDoS) attacks, attacks against the integrity of websites and data leaks, infiltration of systems, ransomware (computer hijacking) and participation in espionage.

According to the investigation, its activity is distributed through channels such as Telegram and Dark Web forums (sites that are not indexed and can only be accessed through special browsers) such as BreachForums, Dread Forum, Cracked, Nulled and Leakbase. A quarter of actors support Israel, while the rest intend to support Palestine.

“The majority of these threat groups are ideologically or religiously motivated, selectively attacking both Israeli and Palestinian entities, as well as other entities located in countries unrelated to the conflict, including the Americas, Europe, Asia and Africa,” said Sonia Fernández of the S21sec Threat Intelligence team.

Experts from cybersecurity company Kaspersky agree that what is known as geopolitically motivated hacking will intensify and contribute to a more complex and challenging threat environment. “Ransomware is still a big problem and hackers are getting better at attacking large, profitable companies with more sophisticated methods; hacktivists motivated by social issues are also becoming increasingly active, resulting in an increase in potential threats; the transportation and logistics industry is particularly vulnerable to these changes due to its increasingly digital systems. The combination of cybercrime and traditional crimes poses a serious threat to global supply chains,” said Evgeny Goncharov, Head of Kaspersky ICS CERT.


Source: El Pais


