Site icon Check Point Blog

New Hacktivism Model Trends Worldwide

Check Point Research outlines a new model of hacktivism now trending worldwide. Five characteristics mark today’s form of hacktivism, according to researchers: political ideology, leadership hierarchy, formal recruiting, advanced tools and public relations. CPR gives the hacktivist group Killnet as an example of the latest model, detailing its attacks by country and attack timeline. CPR warns that hacktivism that originates in conflict-related geographies has the potential to scale worldwide.

Check Point Research (CPR) outlines a new model of hacktivism now trending worldwide. The hacktivism of the new model is better organized, structured and sophisticated, compared to the past. Hacktivist groups no longer consist of a few random individuals who carry out small DDoS or defacement attacks on low-tier websites. These are coordinated organizations with distinct characteristics previously unseen.

Key Characteristics:

Why now?

CPR suspects the shift in the hacktivism model began roughly two years ago, with several hacktivist groups like Hackers of Savior, Black Shadow and Moses Staff that focused exclusively on attacking Israel.

CPR believes the Russian-Ukrainian war has proliferated the new model of hacktivism significantly. For example, The IT Army of Ukraine was publicly mobilized by the Ukrainian government to attack Russia. The new hacktivism also saw groups that supported the Russian geopolitical narrative, with groups like Killnet, Xaknet, From Russia with Love (FRwL), NoName057(16), and more.

Case Study: KILLNET, from East to West

In April of this year, the group completely shifted its focus to support Russian geopolitical interests all over the world. The group claimed to have executed more than 550 attacks, between late February and September. Only 45 of them were against Ukraine, less than 10% of the total number of attacks.

Figure 1. Distribution of Killnet attacks by country

Killnet Timeline – high profile events

 March: the group executed a DDoS attack on Bradley International Airport in Connecticut (US)

  1. April: websites belonging to the Romanian Government, such as the Ministry of Defense, Border Police, National Railway Transport Company and a commercial bank, were rendered unreachable for several hours.
  2. May: massive DDOS attacks were executed against two major EU countries, Germany and Italy
  3. June: Two very significant waves of attacks were executed against Lithuania and Norway in response to severe geopolitical developments between those countries and Russia
  4. July: Killnet focused their efforts on Poland and caused several government websites to be unavailable.
  5. August: Cyber-attacks were deployed on Latvia, Estonia and USA institutions
  6. September: the group targeted Asia for the first time and focused its efforts on Japan, due to Japan’s support for Ukraine

Read the full report  

 

 

Exit mobile version