The Russia-Ukraine cyber war has escalated the use of cyberspace as a battleground, employing information warfare and cyberattacks to achieve geopolitical objectives. Numerous studies document cyberattacks, espionage, and propaganda from both sides targeting government, military, and civilian infrastructure, including election interference, power grid disruption, and data theft. While the exact motivations remain unclear, the sophistication of cyber capabilities and challenges of attribution and deterrence are highlighted. Social media platforms have become critical sources of intelligence due to their real-time data, expansive reach, and user-generated content. This paper analyzes the importance of social media-based cyber intelligence in understanding and countering Russia's cyber threats in the conflict, building upon previous research demonstrating social media's role in rapid information dissemination, incident tracking, corroboration of attacks, and assessment of public sentiment and propaganda.

Existing research on the Russia-Ukraine cyber war details Russia's offensive cyber operations, including the disruption of Georgian internet access and the deployment of destructive malware in Ukraine. Studies highlight Russia's intelligence gathering as a major cyber threat to Ukraine and document notable events like the 2014 Ukrainian election interference, the 2015 power grid disruption in Ukraine using Industroyer2, and the 2017 NotPetya attack. Ukrainian retaliatory attacks and hacktivist actions are also noted. Previous work has explored social media analytics for cybersecurity, using sentiment analysis to predict cyberattacks and techniques like TF-IDF and LDA for feature extraction and topic analysis. This paper advances prior work by providing a more comprehensive and systematic use of NLP techniques within a four-dimensional cyber intelligence framework.

This study uses an advanced social media analytics methodology focusing on Twitter data. Tweets containing "cyber" or "hack" were retrieved using the Twitter API. A multi-stage analysis pipeline was then employed. First, language detection using the Microsoft Cognitive Services Text Analytics API was performed. Tweets were then divided into English and non-English sets. English tweets underwent sentiment analysis; non-English tweets were translated into English using the Microsoft Cognitive Services API and then subjected to sentiment analysis. Tweets were grouped by country mentions, followed by term frequency analysis and LDA topic modeling for each country group. Standard preprocessing steps (lowercasing, stop word removal, HTML tag removal, tokenization) were also undertaken. The process involved seven key steps: obtaining tweets, categorizing them by language, translating non-English tweets, performing sentiment analysis, grouping tweets by country, calculating term frequency, and conducting LDA topic analysis. A flowchart and pseudocode detailing the process are included, and additional NLP algorithms (Porter stemming, n-grams) are also discussed.

The analysis covered 37,386 tweets from 30,706 users in 54 languages from October 13, 2022, to April 6, 2023. Table 4 summarizes the data for each month, showing an increase in tweets, users, and locations over time. The average negative sentiment remained relatively stable, with negative sentiment scores consistently higher than neutral or positive. Figure 5 and 6 show daily and monthly average sentiment scores, while Figure 7 compares the average negative sentiment for worldwide, Russian, and Ukrainian tweets, revealing a higher negative perception of Russian cyber issues. Topic analysis of Russian cyber-related tweets (Table 5) revealed seven topics, with keywords focusing on Russian involvement, attacks, blame, threats, and mentions of specific individuals and organizations. Similarly, topic analysis of Ukrainian cyber-related tweets revealed seven topics, emphasizing Ukraine's experiences, challenges, and collaborations with international entities. Figure 8 summarizes the findings, illustrating the contrasting dynamics of Russian and Ukrainian cyber activities. Russian activities involved state actors, intelligence agencies, and offensive attacks, reflecting a strategic objective. Ukrainian activities focused on defense and international collaboration. Figure 9 demonstrates the system's mobile deployment capabilities. Overall, Russian cyber activity generated higher average negative sentiment (0.61) compared to worldwide (0.36) and Ukrainian (0.50) averages.

The topic analysis reveals significant differences in the discourse surrounding Russian and Ukrainian cyber activities. The analysis of Russian tweets highlighted themes of Russian state involvement, offensive cyber operations, and the attribution of blame for attacks. The analysis of Ukrainian tweets, conversely, emphasized defensive strategies and international cooperation. The higher negative sentiment associated with Russian cyber activities suggests a stronger perception of threat and malicious intent. The study's findings contribute to understanding the information landscape surrounding the Russia-Ukraine cyber conflict, offering insights into the perceptions and narratives surrounding each side's actions.

This paper presents a novel NLP-based approach for analyzing social media data related to the Russia-Ukraine cyber war. The four-dimensional cyber intelligence framework provides a comprehensive method for understanding this complex conflict. The study's limitations include reliance on third-party APIs, the challenges of misinformation and fake accounts, and the need for information validation from multiple sources. Future work could address these limitations and expand the analysis to include other social media platforms.

The study's reliance on Twitter data as a single source may limit the overall scope of the analysis. The presence of misinformation and fake accounts on Twitter poses challenges to data quality and accuracy. The use of third-party APIs and black box algorithms limits the transparency and fine-tuning possibilities. Finally, information alignment across multiple social media platforms remains a challenge that wasn't fully addressed in this study.