Hacktivism, a fusion of hacking and activism, has become a significant force in the digital landscape.
Driven by social, political, or religious motivations, hacktivists employ a variety of cyber tactics to advance their causes, often targeting organizations or governments they perceive as oppressive or unjust.
They use their technical skills to promote change and their motivations range from defending freedom of expression and fighting censorship to protesting against human rights violations or religious discrimination.
DDoS attacks, web defacements and data leaks
A new report from CYFIRMA details that hacktivists consider themselves digital activists and often act under the banner of justice, targeting entities they believe should be held accountable for their actions. While some groups focus on specific regional or national issues, others engage in broader campaigns spanning multiple countries and continents.
One of the most commonly used tactics by hacktivists is distributed denial of service (DDoS) attacks. These attacks overload websites with excessive traffic, causing outages and rendering them inaccessible. Hacktivists use a variety of DDoS tools, including web-based IP stressors and botnet services, to attack different layers of the Open Systems Interconnection (OSI) model.
website defacement is a fairly common tactic, where hacktivists alter the content of websites to display political or ideological messages. This approach embarrasses Website owners and spreads the hacktivists' message to a wider audience. By exploiting vulnerabilities such as cross-site scripting or SQL injection, hacktivists can deface websites with relative ease. Platforms such as Zone-X track and display defaced websites globally, increasing the visibility and impact of these actions.
Data breaches and doxing are also popular methods used by hacktivists to expose sensitive information. By exploiting vulnerabilities in databases or network security, hacktivists gain access to sensitive data, which they then release to the public. Doxing involves publicly revealing personal information about individuals, often to intimidate or harass them. These tactics can have serious ethical and legal implications, highlighting the aggressive nature of some hacktivist activities.
Hacktivist groups are increasingly collaborating to increase their impact. These alliances can include partnerships with DDoS service providers, other hacktivist groups, or even state threat actors. For example, pro-Palestinian hacktivists have formed alliances with pro-Russian groups, while Indian hacktivists collaborate with their Nepalese counterparts. These alliances allow for large-scale coordinated attacks, amplifying the effectiveness of their operations and causing significant disruption.
A notable example is the “Holy League,” a coalition of more than 70 pro-Russian, pro-Palestinian, and other aligned groups. These alliances facilitate knowledge sharing, joint planning, and pooling of resources, making it difficult for targeted nations to defend themselves against these well-coordinated cyber threats.
Although hacktivism has traditionally focused on ideological goals, some groups have chosen to use ransomware for both economic and political purposes. The availability of leaked source codes for ransomware, such as those of LockBit and Conti, has allowed hacktivists to develop their own variants. Some groups, such as the Belarusian Cyber Partisans, have used ransomware to make political demands rather than seek a monetary ransom, highlighting the changing nature of hacktivist tactics.
In addition to ransomware, hacktivists have found other ways to monetize their activities. They sell data obtained from security breaches, offer training courses on offensive hacking techniques, and even charge for access to exclusive content on private channels. These monetization strategies provide financial support for their operations, allowing hacktivist groups to maintain and expand their activities.
As hacktivist groups continue to evolve, their impact on digital infrastructure and global affairs cannot be ignored. Governments and organizations must remain vigilant, investing in cybersecurity measures, intelligence sharing, and international cooperation to counter the growing threat posed by these digital activists.