By Sergey Shykevich, Threat Intelligence Group Manager, Check Point.
Hacktivism has traditionally been associated with loosely managed underground cyber criminal entities. These decentralized and unstructured groups are typically composed of individuals cooperating in support of specific agendas. Over the course of the last year, and following developments in the Russian-Ukrainian conflict, the hacktivist ecosystem has matured…
Hacktivist groups have tightened their level of organization and control, and today they conduct military-like operations, including recruitment and training, sharing of tools, intelligence and more.
Most new hacktivist groups have a clear and consistent political ideology that is affiliated with governmental narratives. Others are less politically driven, but have nonetheless made their operations more professional and organized through specifically targeted campaigns motivated by social, rather than economic, objectives.
Who’s responsible and do we know for sure?
This type of cyber warfare is not only about inflicting damage. All active hacktivist groups are aware of the importance of media coverage, and they use their communication channels to announce successful attacks, re-publishing insights about them to maximize the effect of attacks and to heighten fear…
There is a rising trend in groups claiming responsibility for cyber attacks when in reality, they had little or no involvement in them. Germany’s flagship airline, Lufthansa, experienced a severe IT issue in early 2023 which left thousands of passengers stranded at several airports across the country. It was thought to be the result of construction work causing damage to external cabling.
Pro-Russian hacktivist group, Killnet, claimed responsibility for the attack and said it was retaliation for Germany’s support of Ukraine. The group published a statement via its social media…
Despite the assertive message, there is little evidence to suggest that Killnet had any involvement in the attack. They appeared interested in enhancing their notoriety in order to increase fear. It is not always easy to establish who or what organization is responsible for an attack and it is even more difficult when the incident is potentially state-sponsored.
Who is the person (or government) behind the mask?
There is a big difference between claiming responsibility and being responsible. Operating under the cloak of anonymity may be seen as a way of legitimizing state-sponsored attacks, but when does it become terror, as opposed to disruption?
Research conducted by the University of Notre Dame argues that state-sponsored hacktivism is defined as “…weapons and attacks in the cyber domain intended to produce political effects similar to those usually sought as the goal or objective of a conventional use of force by states against one another.”
What will hacktivism look like across the remainder of 2023?
The frequency and sophistication of attacks in this new era of hacktivism will raise questions about attack origins. Who or what organization is behind the mask and are their actions motivated by political gain or interest in terror? In the months ahead, it will become increasingly difficult to identify what is a government, hacktivist or cyber attack.
It may be too soon to refer to hacktivism as state-sponsored terrorism, but there is no doubt that it is becoming harder to disconnect one from the other. As geopolitical tensions continue to dominate the global conversation, this new age of cyber warfare may only get worse, ahead of getting better.