Cyber exploitation is a new means of intelligence gathering. It refers to unauthorized access to computers, computer systems, or networks, in order to gain information, without affecting the functionality of the accessed system or deleting the data contained or in transit therein. States employ cyber exploitation both in peacetime and in wartime since cyber exploitation often proves relevant both in order to plan and launch an attack and in order to gain information for defensive purposes. Since international humanitarian law is the law that regulates the conduct of the hostilities, it is necessary to test the applicability of its rules to cyber exploitation. Cyber exploitation proves particularly problematic because it is an extremely recent phenomenon, while international humanitarian law rules were mainly codified in 1907, 1949 and 1977, when cyber warfare had not yet been envisaged. This paper first examines the international humanitarian law rules regarding intelligence collection in wartime, with particular regard given to espionage. This paper goes on to verify whether these old rules are applicable and relevant to the case of cyber exploitation. Finally, this paper examines the applicability of the rules regarding direct participation of civilians in hostilities to instances involving cyber exploitation. This paper concludes postulating that international humanitarian law considers cyber exploitation to be a lawful activity since these rules do not prohibit intelligence gathering. However, this paper further demonstrates that specific international humanitarian law rules are not applicable to cyber exploitation, apart from very marginal and unpractical cases.