Hacktivism, defined as the actions of criminal groups in cyberspace aimed at promoting socio-political agendas or spreading misinformation, has become an increasingly worrying phenomenon worldwide. In its most benign form, it can manifest as “digital vandalism”, disrupting the functions of states. However, in extreme cases, it can lead to data leaks, asset seizures, and the systematic tarnishing of an organization’s reputation, warn cybersecurity experts.
The boundaries between state-sponsored cyber operations and traditional hacktivism are blurring. Organizations worldwide will have to brace themselves for a diverse range of cyber threats, each with its unique motives and tactics.
In recent times, hacktivism has mirrored real-world conflicts, as evidenced by the Russian-Ukrainian conflict and the war between Hamas and Israel. Although the impacts of cyber-attacks and hacktivism may be less visible during the peak of wartime actions, the number of incidents has escalated as the digital and physical worlds collide.
“Government agencies, due to opposing views and influence in bringing about change, and multinational corporations perceived as ‘evil’ or having a negative societal or environmental impact, are the most frequent targets of hacktivist groups,” says Wojciech Głażewski, Country Manager of Check Point Software in Poland. Today, it’s challenging to utter the word “hacktivist” without thinking of Anonymous – the group responsible for waves of peaceful digital protests, typically in the form of Distributed Denial of Service (DDoS) attacks, aiming to present their version of truth and justice to the world.
While the Anonymous group may have popularized the term hacktivism, the actual threat it poses to businesses and government agencies goes much deeper. As detailed in Check Point’s bi-annual cybersecurity report for 2023, the average number of weekly cyber attacks worldwide has risen by 8%, marking the most significant increase in two years. These attacks are largely driven by artificial intelligence, the looming threat from organized ransomware groups, and hacktivism.
“Last year witnessed the emergence of ‘state-sponsored hacktivism’, where hacktivist groups select their targets based on geopolitical agendas, and in some instances, are funded or organized by governments themselves,” observes a Check Point expert. For instance, the Russia-affiliated “Killnet” group targeted Western healthcare organizations in early 2023, orchestrating a series of DDoS attacks in response to Western support for Ukraine. Another example is “Anonymous Sudan”, which emerged in January 2023, targeting companies like Scandinavian airlines and other Western organizations. They claim to conduct counter-offensive operations, targeting Western entities in retaliation for alleged anti-Muslim actions. Microsoft became one of the group’s latest targets, causing severe disruptions to the Outlook email service and the Azure hosting platform.
The Evolving Face of Hacktivism
Hacktivism is evolving from individual or independent group actions to coordinated, often state-sponsored organizations with ideological motivations. While ideology can unify and motivate the so-called “malicious actors”, the democratization of technology has played a significant role in propagating and spreading hacktivist actions. Artificial intelligence, especially generative AI, is one such powerful tool that remains unregulated. As organizations harness AI for their cyber defense strategies, threat actors and hacktivist groups work diligently to exploit AI for their offensive operations.
“Although technologies like generative AI undoubtedly facilitate malicious code creation and make it more accessible, cybercriminals resort to the same old vectors. AI isn’t employed to enhance the malware itself but rather its propagation method. Fake domains and phishing attacks remain among the most popular attack vectors, with AI making these fake domains and emails more sophisticated and harder to detect,” notes Wojciech Głażewski.
Artificial intelligence can also be used to organize sharper and faster DDoS attacks. A DDoS attack occurs when a server or website is flooded with artificial traffic requests to the extent that it becomes overloaded and stops working. This year, there was a record-breaking DDoS attack that reached a peak of 71 million requests per second!
Limiting Exposure to Hacktivism
Hacktivist attacks are ideologically driven, which is why for some companies – especially those operating in the public sector – exposure to them will be inevitable. Some companies will be targeted by hacktivists simply because of their existence, even if they are not a specific financial incentive. Partners, suppliers, and clients of the targeted organizations can also be in the line of fire. Being a victim of a cyberattack led by hacktivists is not necessarily a question of “if” but rather “when”.
However, there are certain crucial steps that companies from both the private and public sectors can take to reduce the risk. – Solid data backups will limit the power of a ransomware attack on a company and facilitate dealing with data manipulation or deletion by hacktivists. Cybersecurity awareness training for employees will also reduce the effectiveness of fake domains and other phishing tactics – lists Głażewski.
The Future of Hacktivism
The Check Point expert predicts that the future of hacktivism will develop in several directions, encompassing a combination of state-linked operations and grassroots movements. State hacktivism, thanks to external funding, will likely evolve and become more sophisticated. Hacktivist groups, especially those with clear ties to the state, will likely use larger and more powerful botnets to conduct destructive DDoS attacks on an unprecedented scale.
There is also evidence of cooperation between groups with different narratives, such as the pro-Islamic “Anonymous Sudan” and the pro-Russian “Killnet”, indicating a future where hacktivist groups can form alliances for mutual benefits, regardless of their core ideologies. This convergence can lead to more coordinated and effective hacking campaigns.
Grassroots hacktivism, driven by social, environmental, regional, or political motives, will also play a significant role. As global issues like climate change and human rights gain more attention, we can expect a resurgence of decentralized hacktivist movements. While these groups may not have as many resources as their state-backed counterparts, they can still cause significant disruptions, especially when rallying the global online community around a particular cause.
– We also see a greater impact of technology, with deepfakes becoming a regular tool in the hacktivist arsenal. Deepfakes have been used to impersonate powerful individuals and create propaganda during conflicts, as seen with Ukrainian President Volodymyr Zelensky. These tools can easily be purchased and used in social engineering attacks to gain access to sensitive data – adds the country manager of Check Point in Poland.
