Politically motivated hackers who take issue with the politics of the establishment have become a growing threat to a wide range of organisations in recent years.
But these threats are becoming more significant and problematic as “hacktivist” groups who previously had little in common are joining forces to form more powerful alliances determined to cause harm.
That’s the latest finding from Searchlight Cyber’s dark web threat intelligence team, which has charted the rise of the hacktivist “supergroup”.
Searchlight Cyber researcher Vlad, who wishes to remain anonymous, points out that the recent escalation in regional conflicts, from the war in Ukraine to Israel’s conflict with Hamas, has seen an uptick in hacktivist alliances on both sides.
“But it particularly impacts the West because those who side with Russia tend to attack the Western countries who support Ukraine and the Palestinian supporters attack Israel and its allies,” says Vlad.
Supergroups such as the Holy League, an alliance of 80 different organisations with their own particular grievances, modus operandi and ambitions, have united around common anti-Western, anti-Israel and pro-Russian sentiments to launch more co-ordinated and powerful attacks.
Another example is CyberVolk, a pro-India cybercriminal and hacktivist group known to conduct DDoS attacks against Pakistan, UK and US-based entities, which teamed up with pro-Russian group NoName057(16) to launch an attack on the Basque Country parliament in Spain in July.
These loose networks, which co-ordinate their efforts on communication platforms such as Telegram, have become more effective because they have joined forces, says Searchlight Cyber’s Vlad.
Now groups whose aims were limited by lack of finance or technological assets can take advantage of the resources of more powerful organisations such as the Russian state, which has decades of experience in cybercrime and cyber warfare.
“In the past hacktivism was more targeted at specific organisations for ideological reasons, but now – partly because the most obvious targets have good security in place – they are going for anyone. The attack on Spain, for example, targeted 25 companies from banks to transport companies to schools and local authorities to take revenge against the Guardia Civil because the police arrested their members.”
Attacks can vary from DDoS attacks to brand image defacement to exfiltration of data, although the amount of damage caused by these supergroups is difficult to quantify because their claims on Telegram are probably exaggerated and difficult to verify, says Searchlight Cyber.
Searchlight Cyber suggests that organisations prepare themselves by monitoring activist groups that target their region, religion or industry, especially if the organisation has a military or defence connection.
“Look out for signs of attempted intrusions, but if it has already happened, you can only reset your passwords, talk to cybersecurity specialists about how to handle attacks and be ready for the next time.”