state-sponsored-cyberwarfare

The chapter details how government-backed hackers, specifically Russia's Sandworm group, conduct large-scale cyberattacks targeting critical infrastructure to achieve military and political objectives.

4 chapters across 1 book

Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers (2019), Andy Greenberg

PART VI LESSONS

This chapter introduces the emergence and escalation of cyberwarfare through the activities of the Kremlin-backed hacker group Sandworm, highlighting their devastating attacks on Ukraine's critical infrastructure culminating in the global NotPetya malware outbreak in 2017. It contextualizes these events within a broader geopolitical cyber arms race, emphasizing the unprecedented scale and potential future consequences of state-sponsored digital sabotage. The prologue personalizes the impact by recounting a midnight blackout in Kiev, symbolizing the tangible human and societal effects of cyberattacks.

PART III

This chapter details the emergence of the Sandworm hacking group and its unprecedented cyberattack on Ukraine's power grid in late 2015, marking a new era of cyberwarfare that crossed from digital intrusion to physical sabotage. Despite clear evidence of the attack's severity and implications for U.S. infrastructure, government agencies initially downplayed the threat and withheld public warnings, missing a critical opportunity to establish international norms and deterrence against cyberattacks on civilian infrastructure. The chapter contrasts the muted response to Sandworm with the decisive public condemnation and retaliation following North Korea's 2014 Sony hack, highlighting political and bureaucratic challenges in addressing state-sponsored cyberwarfare.

CHAPTER 21  SHADOW BROKERS

Chapter 21 details the emergence and activities of the Shadow Brokers, a hacking group that leaked NSA cyberweapons and auctioned stolen hacking tools, raising concerns about the security of government cyber arsenals. The chapter highlights the initial skepticism about the leaks, the group's provocative messaging, and the broader implications for cyberwarfare, including suspected Russian involvement and the impact on cybersecurity defenses worldwide.

CHAPTER 22  ETERNALBLUE

Chapter 22, 'EternalBlue', details the Shadow Brokers group's release of the NSA hacking tool EternalBlue and its global impact: the release led to the rapid spread of the WannaCry ransomware attack, which affected thousands of computers worldwide, including critical infrastructure like the UK's NHS. The chapter traces the attribution of the attack to North Korean hackers, the investigation into the leak of NSA tools, and the broader implications for cybersecurity and state-sponsored cyber warfare.