There is an undeniable increase in hacktivism amidst the prevailing geopolitical tensions between Israel-Hamas, Ukraine-Russia, and Taiwan-China, with reports indicating an 11% surge in the first half of 2023 alone. This rise in cyberattacks is defining a new trend in the operations of hacktivist groups.
Cyberint, a prominent threat intelligence firm, reports a shift in hacktivist group models. As a company that meticulously tracks global hacktivist activities through a profound understanding of the open, deep, and dark web and social media, Cyberint has observed that hacktivists, traditionally known for launching cyber-attacks driven by ideological agendas, are now collaborating with cybercriminals for financially-driven campaigns. Indeed, some even affiliate themselves with nation-states, marking an evolution in their operating methods.
The trends in hacktivism reflect this remarkable shift towards financial motivations, as demonstrated by several prominent groups:
The Five Families Telegram Channel, a collective threat actor drawn from the groups ThreatSec, GhostSec, Stormous, Blackforums, and SiegedSec, marks an interconnected network of diverse hacktivist cells.
SiegedSec, identified as a Russian-aligned hacktivist group, reportedly launched attacks on NATO and Atlassian this year alone. This group’s activities indicate the increasing audacity of hacktivist operations and their capacity to challenge large institutions.
Similarly, Anonymous Sudan, an unofficially aligned hacktivist group with the nation of Sudan, has been seen to target significant corporations, including Microsoft and Riot Games, furthering their scope by partnering with other threat groups, namely REvil and KillNet.
KillNet, another Russian-aligned hacktivist group, appears to target US corporations specifically. A significant attack on US airlines, which led to 24 airline websites experiencing downtime, underlines this objective.
Investigating the intricate web of hacktivism and its evolving strategies, the transition from ideological to financial motivations, and the affiliations with national allies sheds light on the rapidly changing landscape of global cybersecurity threats. Cyberint continues to monitor these complex operations on the frontlines of this digital battlefield.