International law and its related domains, including the law of armed conflict and international humanitarian law, have undergone significant transformations, one of which concerns the environment in which wrongful acts are committed. In today’s world, cyberspace has replaced physical spaces as a principal arena. Cyber operations—including espionage, cybercrimes, and, more broadly, cyberattacks—constitute violations of states’ obligations under international law. Given their capacity to inflict physical damage and human harm, such acts not only undermine states’ obligations but also give rise to state responsibility. Key questions arise as to whether cyberattacks fall within the notion of an “attack” as envisaged under the Geneva Conventions, how the responsible state or entity may be identified, and, once identified, how the conduct can be attributed to a state and what the ensuing consequences of responsibility would be. Accordingly, the central research question of this study is framed as follows: To what extent can cyberattacks be attributed to state conduct? Addressing this question requires, first, determining whether cyberattacks qualify as “attacks” under international law, which in turn necessitates a functional interpretation of Article 2(4) of the UN Charter, followed by a detailed inquiry into the processes of identification and attribution of cyberattacks.