In the increasingly fluid context of hybrid warfare (https://f3rm1.cloud/articoli/guerra-ibrida-e-conseguenze-reali-dell-azioni-nel-mondo-digitale-1), a new form of threat is emerging with worrying clarity: Cyber Extortion 2.0, a strategy that merges cyberspace with the physical world through the use of targeted coercion and induced sabotage. Recent events in Russia, where arsons were allegedly caused by individuals blackmailed by Ukrainian hackers, offer a disturbing example of this evolution. These attacks, if confirmed, could mark an epochal turning point in the conduct of modern conflicts.

A new front of hybrid warfare

Traditionally, hybrid warfare is defined as a combination of conventional and non-conventional tools: military operations, disinformation, propaganda, and cyber actions. However, Cyber Extortion 2.0 represents a qualitative leap in this area. Here, cyberspace is not just a place of attack, but a vector for directly influencing human behavior in the real world.

According to some sources, groups of hackers allegedly linked to Ukraine hacked personal accounts of Russian citizens, obtaining compromising data. Under threat of dissemination of such information or of retaliation against their loved ones, these people were allegedly forced to carry out acts of sabotage on public buildings or energy infrastructures. It is a form of psychological terrorism that uses digital vulnerability as a lever to generate physical damage.

In particular, Il Post (https://www.ilpost.it/2025/01/14/attacchi-incendiari-russia-ucraina/) reported that in the second half of December 2024, at least 34 arson attacks occurred in various Russian cities against public and private buildings. Russian authorities claim that these attacks were orchestrated by Ukrainian call centers through phone scams. The attackers, Russian citizens of different ages and professions, were allegedly convinced to transfer money to the scammers in exchange for the promise of an exceptional financial return. Subsequently, they were allegedly blackmailed: to get the money back, they would have to set fire to pre-established targets.

"Explosions and fires continue to occur near Moscow and St. Petersburg, with banks, post offices, military recruiters, shopping centers and police cars targeted by citizens paid by 'phone scammers' in exchange for small sums of money. Many of those responsible are desperate pensioners," commented Jay in Kyiv on X (https://x.com/JayinKyiv/status/1870514172464668833).

An effective strategy

This tactic is effective because it is decentralized and difficult to attribute directly. It is based on some key steps:

1. Gathering sensitive data: Through malware, phishing, database breaches, hackers collect personal data, including compromising secrets, browsing histories, private communications, or family information.

2. Selection of the target: individuals with privileged access or with strategic roles (workers in the energy sector, public employees, etc.) become ideal targets.

3. Blackmail and coercion: the target receives concrete threats, ranging from the publication of personal information to physical retaliation against loved ones, if they do not cooperate.

4. Physical sabotage action: under psychological pressure, the target is forced to carry out a harmful action in the real world, such as a fire, tampering or a leak of sensitive information.

A new psychology of conflict

Cyber Extortion 2.0 introduces a disturbing dimension: it no longer affects only infrastructures or IT systems, but the people themselves, as instruments of conflict. War becomes personal, intimate, emotional. You don't need soldiers or drones to inflict damage: compromising information and a well-calibrated threat are enough. This dynamic poses enormous ethical and strategic challenges. First of all, the saboteurs are not ideological terrorists, but ordinary citizens forced to choose the lesser evil. Secondly, prevention is much more complex: how can you protect an infrastructure if the danger comes from within or from a blackmailed employee?

Implications for the private sector

Companies, particularly those operating in critical sectors such as energy, telecommunications, transport, logistics and finance, now find themselves facing an existential threat. Traditional security systems (firewalls, antivirus, access controls) are no longer enough. The vulnerability is not only technical, but human.

A blackmailed employee could in fact:

• sabotage plants or machinery;

• alter company data or reports;

• install malware;

• steal confidential information or intellectual property.

Therefore, the consequences could be disastrous, not only economically but also in terms of reputation, investor confidence and public safety. A successful attack against critical infrastructure could generate blackouts, block supply chains or paralyze entire industrial sectors.

How to defend yourself

To counteract Cyber Extortion 2.0, organizations must take a more holistic and multidisciplinary approach to security. Some key elements include:

1. protection of employees' personal data, network segmentation, monitoring of anomalous behavior.

2. employees must be trained not only on technical risks, but also on how to recognize and report attempts at coercion.

3. create safe channels to report external pressures, offering protection and assistance.

4. constant exchange of information between companies, governments and law enforcement to promptly identify emerging threats.

5. use of threat intelligence tools to monitor the dark web, Telegram channels or underground forums where these attacks are planned.

The future of Cyber Extortion

Cyber Extortion 2.0 may not remain confined to the Russian-Ukrainian context. In a hyperconnected world, where personal data is widespread and accessible, any malicious state actor, whether criminal or terrorist, could employ similar tactics. It is foreseeable that these strategies will evolve, combining with the use of artificial intelligence to make blackmail even more targeted, convincing and devastating. The democratization of hacking tools (exploit kits, malware-as-a-service) also makes it possible for small groups with limited resources to exploit these tactics on a global scale.

Cyber Extortion 2.0 represents a new frontier of hybrid warfare, a cross-cutting threat that challenges the traditional boundaries between war, terrorism, crime and corporate security. It is a wake-up call that cannot be ignored. Trying to govern this threat requires a profound cultural change. We need to start thinking about cybersecurity as human security. And this means acting on multiple levels (technological, psychological, organizational) to protect not only infrastructures, but also the people who manage them.

The future of conflicts is no longer played out only on battlefields or in cyberspace: it is played out in the minds and lives of ordinary people. And precisely for this reason, it requires new, courageous and collaborative responses.