A cyber attack is a cyber operation, whether offensive or defensive, that is reasonably expected to cause injury or death to persons or damage or destruction to objects.
Michael Schmitt et al; Tallinn Manual 1.0, pp 92
- ✅ Cyber Operation?
- ❌ Expected to cause death or injury to people or damage to objects?
Russian-linked Actors Use of USAID's Constant Contact API Keys For Malware Distribution does not match
this definition. Here's a list of actual cyberattacks and
and why this matters.
A report from Microsoft and Volexity documents a cyber espionage campaign operated by Russian-linked actors using USAID’s Constant Contact email service to send malware to 3,000 email addresses in 150 organizations including governments, think-tanks, NGOs targets. With earliest observed activity on January 28th, 2021.
Microsoft and Volexity attributed the behavior to APT29/Nobelium, the same threat actor group involved in the SolarWinds Supply Chain espionage operation.