Radware has released a new report, Hacktivism Unveiled: Insights into the Footprints of Hacktivists. It provides an in-depth, comparative analysis of the motivations, targets, tactics and techniques, and DDoS activities of the world’s top 15 most active political and religious hacktivists groups.
Radware’s threat intelligence reveals the rankings and profiles of top attacking actors, the most attacked countries and websites, as well as some misperceptions about well-known hacktivist groups. The findings in Hacktivism Unveiled are based on the tracking and analysis of messages from active hacktivists groups on Telegram during the period between Feb. 18 – April 18, 2023.
Pascal Geenens, Radware’s director of threat intelligence, noted the changing landscape of hacktivism.
Geenens said, “While religious hacktivism has remained a constant threat over the years, Russia’s invasion of Ukraine has ushered in a whole new wave of not only patriotic and political hacktivism, but also hacktivism in general. Modern-day hacktivism with its barrage of denial-of-service attacks is bolder, more determined, and more media-driven than ever before.”
During the period between Feb. 18 – April 18, 2023, over 1,800 denial-of-service attacks were claimed by political and religious hacktivists across 80 Telegram channels.
- NoName057(16) claimed almost 30% of the attacks, followed by Anonymous Sudan (18%) and Mysterious Team (13%). NoName057(16) is by far the most active DDoS hacktivist among the politically driven, pro-Russian hacktivists.
- Anonymous Sudan, Mysterious Team, and Team Insane PK are responsible for most of the religiously driven DDoS activity and ranked second, third, and fourth respectively among hacktivists claiming the most attacks.
- While there might be doubts about the alignment of Anonymous Sudan to the Russian government, their attack motives and patterns suggest a religiously motivated group rather than a politically motivated one.
- Killnet, the group most prominently covered in the media and often suspected of the most hacktivist DDoS activity, did not rank among the top 15 of hacktivists, claiming 11 attacks during the period compared to NoName057(16)’s 544 attacks.
- Passion, the pro-Russian, turned for-profit criminal hacktivist group that provides DDoS-for-hire services, stands out among the hacktivists targeting large U.S. cloud organisations.
Top attacked countries
During the period from Feb. 18 – April 18, 2023:
- Israel topped the list of most attacked countries, shouldering 11% of the DDoS attacks, followed by India (9%), Poland (8%), and Australia (8%). Israel, India, and Australia were targets of pro-Islamic hacktivists during the recent #OpIsrael, #OpIndia, and #OpAustralia operations.
- The United States (6%) and Germany (6%), followed by Sweden (5%), Ukraine (5%), Denmark (4%), and Italy (4%) rounded out the list of top 10 most targeted countries.
- Poland is the only country in the top five that was specifically targeted by pro-Russian hacktivists in attacks relating to the Russo-Ukrainian war.
Top Attacked Websites
During the two-month period:
- Business (19%), government (18%), and travel (13%) websites were the most targeted by hacktivists, followed by financial services (7%), education (6%), and health and medicine (4%).
- Business and government websites were attacked by most of the top hacktivist groups that were tracked in the report.
- Financial services and travel websites were primarily targeted by NoName057(16), Team Insane PK, Mysterious Team, and Anonymous Sudan.
Geenens added, “Denial of service has always been an important tactic used by hacktivist groups, and this will not change any time soon. Any organisation, independent of size and industry, can become a target of hacktivists who desire to advance their cause and hold organisations and governments accountable for their actions.
“While there is no reason for panic, organisations need to be prepared. It is widely known in the security community that disrupting or impacting an organisation or infrastructure requires more perseverance than skills or sophistication.”
Radware’s complete Hacktivism Unveiled report can be found on the company’s website.