Evgueni Erchov
Cypfer, Sr Director of Research & Threat Intel
Since 2007, Russia has increasingly blurred the lines between cyber operations and conventional warfare. From the takedown of Estonian infrastructure to the full-scale invasion of Ukraine, state-sponsored threat groups have played a central role in shaping modern conflict.

This talk explores the evolution of Russian hybrid warfare through an OSINT lens - identifying cyber-military units, understanding their affiliations, and tracking their operations across conflicts. Using publicly available sources, leaked documents, social media, and infrastructure metadata, this session walks through the investigative workflows used to map Russian cyber-military entities, analyze their digital footprint, and connect the dots between cybercrime and geopolitical objectives. We'll also examine how the war in Ukraine has reshaped the cybercrime ecosystem and offer predictions about future state-actor behavior in conflict zones.

This talk blends technical OSINT techniques with geopolitical analysis, providing practical frameworks and tools for analysts, threat hunters, and researchers focused on adversary attribution and long-term strategic tracking.

Key Topics Covered:
• Evolution of Russian hybrid warfare: Estonia (2007) to Ukraine (2022-2025)
• OSINT methods to identify Russian cyber-military units and affiliations
• Social media and metadata exploitation of military and GRU-linked personnel
• Infrastructure recon: domains, TLS certificates, passive DNS, and comms patterns
• War’s impact on the cybercrime underground and ransomware ecosystem
• Predictive indicators for future state-linked cyber operations
