“ Ukraine war blurs lines between cyber-crims and state-sponsored attackers”
The lines always were blurred, just as they are in real wars of the flea.
A change in the deployment of the RomCom malware strain has illustrated the blurring distinction between cyberattacks motivated by money and those fueled by geopolitics, in this case Russia's illegal invasion of Ukraine, according to Trend Micro analysts. The infosec vendor pointed out that RomCom's operators, threat group …
Nothing says they have to be. If they infect an energy company but don't manage to get access to the infrastructure, they can still do a number of things. They could look at communications and impersonate people, they could get records of energy usage from the bills, they could make fake documents to try to confuse people, or they could take down the corporate systems and see if the IT department can get them back up before problems show up. It's not as big an effect as taking down the energy generation systems would be, and I'm sure they'll happily accept an exploit of those if they could, but that doesn't make it harmless.