Research into modern hacktivist tactics, a threat to digital infrastructure
Hacktivism, a combination of hacking and activism, has become a major force in the digital landscape.
Driven by social, political or religious motives, hacktivists use a variety of cyber tactics to achieve their goals, often targeting organizations or governments they perceive as oppressive or unjust.
They use their technical skills to bring about change and their motivations are diverse: from standing up for free speech and opposing censorship to protesting human rights violations or religious discrimination.
DDoS attacks, web defacements and data breaches
A new report CYFIRMA has detailed that hacktivists see themselves as digital activists and often operate under the banner of justice, targeting entities they believe should be held accountable for their actions. While some groups focus on specific regional or national issues, others engage in broader campaigns that span multiple countries and continents.
One of the most common tactics used by hacktivists is Distributed Denial-of-Service (DDoS) attacks. These attacks flood websites with excessive traffic, disrupting them and making them inaccessible. Hacktivists use a variety of DDoS tools, including web-based IP stressors and botnet services, to attack different layers of the Open Systems Interconnection (OSI) model.
Web defacement is a common tactic in which hacktivists alter the content of websites to display political or ideological messages. This approach embarrasses website owners and spreads the hacktivist’s message to a wider audience. By exploiting vulnerabilities such as cross-site scripting or SQL injection, hacktivists can deface websites with relative ease. Platforms such as Zone-X track and display defaced websites globally, increasing the visibility and impact of these actions.
Data breaches and doxing are also popular methods used by hacktivists to expose sensitive information. By exploiting vulnerabilities in databases or network security, hacktivists gain access to confidential data, which they then release publicly. Doxing involves disclosing personal information about individuals, often to intimidate or harass them. These tactics can have serious ethical and legal implications, highlighting the aggressive nature of some hacktivist activities.
Hacktivist groups are increasingly working together to increase their impact. These alliances can include partnerships with DDoS service providers, other hacktivist groups, or even state assets. For example, pro-Palestinian hacktivists have formed alliances with pro-Russian groups, while Indian hacktivists have teamed up with Nepalese counterparts. Such alliances allow for coordinated large-scale attacks, increasing the effectiveness of their operations and causing significant disruption.
A notable example is the “Holy League,” a coalition of over 70 pro-Russian, pro-Palestinian, and other allied groups. These alliances facilitate knowledge sharing, joint planning, and resource pooling, making it difficult for target countries to defend themselves against these well-coordinated cyber threats.
While hacktivism has traditionally focused on ideological goals, some groups have shifted to using ransomware for both financial gain and political purposes. The availability of leaked ransomware source code, such as that of LockBit and Conti, has allowed hacktivists to develop their ransomware variants. Some groups, such as Belarusian Cyber Partisans, have used ransomware to make political demands rather than to demand monetary ransoms, highlighting the changing nature of hacktivist tactics.
In addition to ransomware, hacktivists have found other ways to monetize their activities. They sell data obtained from breaches, offer training on offensive hacking techniques, and even charge for access to exclusive content on private channels. These monetization strategies provide financial support for their activities, allowing hacktivist groups to continue and expand their activities.
Recruitment is vital for hacktivist groups, as they are constantly looking for new members who share their ideologies. Many recruits are young, often between the ages of 16 and 24, and are drawn to hacktivism by a sense of nationalism or a desire to combat perceived injustice. Hacktivist groups use social media platforms and private channels to spread their messages, organize attacks, and recruit members. These platforms also allow them to showcase their successes, attract new followers, and grow their influence.
As hacktivist groups continue to evolve, their impact on digital infrastructure and global affairs cannot be ignored. Governments and organizations must remain vigilant and invest in cybersecurity measures, intelligence sharing, and international cooperation to counter the growing threat posed by these digital activists.
