Implicit and endemic grey-zone ambiguities mean that this might never be attributed to anything other than (yet) another heartlessly self-serving criminal enterprise that is leveraging the inflated value of hospitals and health data during a public health crisis.
I expect there are some logical and legal hurdles in defining acts of war this way. Not least – derived from the intrinsic ambiguity of attribution in this domain but perhaps as an inverse utilitarian principle and problem of measuring harms. How do we weigh the overt harms caused in hospitals as against the less obvious harms effected across an entire nation’s information-space for months, years? We might imagine that everyone (i.e. nation states) is playing this “grey game” – definitions, consequences and responsibilities are complicated by that fact.
That said, states have been known to “look the other way” when criminal actions take place that source from their own jurisdictions. Does *not* interceding represent aggression which crosses the threshold of defining an act of war? I doubt it. We could probably identify similar “restraint” applied across many contexts by many actors in this (and any other strategic) space.
The grey-zone works both ways.
Daedelus Kite 