Freely subscribe to our NEWSLETTER

• Before, hacktivism was mostly focused on few individuals carrying small scale DDoS and defacement attacks
• Now, hacktivism is better organized, structured and sophisticated
• CPR believes the new model of hacktivism began in conflict areas in the Middle East and Eastern Europe and proliferated to other areas during 2022

Check Point Research outlines a new model of hacktivism now trending worldwide. The hacktivism of the new model is better organized, structured and sophisticated, compared to the past. Hacktivist groups no longer consist of a few random individuals who carry out small DDoS or defacement attacks on low-tier websites. These are coordinated organizations with distinct characteristics previously unseen.

Key Characteristics:

• Consistent political ideology (manifestos and/or sets of rules)
• Hierarchy of leadership (Smaller groups relay attack orders to “commanders)
• Formal recruitment process (Based on minimum requirements)
• Tools that the groups provide to their members (Advanced tools for notoriety)
• Robust public relations functions (Presences on major websites)

Why now?

CPR suspects the shift in the hacktivism model began roughly two years ago, with several hacktivist groups like Hackers of Savior, Black Shadow and Moses Staff that focused exclusively on attacking Israel.

CPR believes the Russian-Ukrainian war has proliferated the new model of hacktivism significantly. For example, The IT Army of Ukraine was publicly mobilized by the Ukrainian government to attack Russia. The new hacktivism also saw groups that supported the Russian geopolitical narrative, with groups like Killnet, Xaknet, From Russia with Love (FRwL), NoName057(16), and more.

Case Study: Killnet, from East to West

In April of this year, the group completely shifted its focus to support Russian geopolitical interests all over the world. The group claimed to have executed more than 550 attacks, between late February and September. Only 45 of them were against Ukraine, less than 10% of the total number of attacks.

Killnet Timeline – high profile events

1. March: the group executed a DDoS attack on Bradley International Airport in Connecticut (US)
2. April: websites belonging to the Romanian Government, such as the Ministry of Defense, Border Police, National Railway Transport Company and a commercial bank, were rendered unreachable for several hours.
3. May: massive DDOS attacks were executed against two major EU countries, Germany and Italy
4. June: Two very significant waves of attacks were executed against Lithuania and Norway in response to severe geopolitical developments between those countries and Russia
5. July: Killnet focused their efforts on Poland and caused several government websites to be unavailable.
6. August: Cyber-attacks were deployed on Latvia, Estonia and USA institutions
7. September: the group targeted Asia for the first time and focused its efforts on Japan, due to Japan’s support for Ukraine

Sergey Shykevich, Threat Intelligence Group Manager at Check Point Software:
“Hacktivism now has a whole new meaning. Before, the term meant a few random folks launching small DDoS attacks. Hacktivism is no longer just about social groups with fluid agendas. Now, hacktivism is better organized, structured and more sophisticated. I believe everything changed within the past year, especially with the start of the Russia-Ukraine war.

“There are some key characteristics that mark the new model of hacktivism, including a consistent political ideology, clear hierarchy of leadership, formal recruiting processes, sophisticated tool set, and robust PR capabilities.

“Though the change began in specific conflict-related geographical regions, it has now spread west and even further. Major corporations and governments in Europe and the US are being heavily targeted by this emerging type of hacktivism. All this allows the new hacktivism groups to be mobilized to governmental narratives and achieve strategic and broad-based goals with higher success levels – and much wider public impact - than ever before.”