During his brutal war in Ukraine, Russian troops burned down cities, raped and tortured civilians, and committed numerous potential war crimes. On November 23, lawmakers across Europe were overwhelmed labeled Russia is a “state sponsor” of terrorism and called for further easing of ties with the country. The response to the statement was immediate. The European Parliament website was taken offline by a DDoS attack.
The unsophisticated attack, in which a website is flooded with traffic to make it inaccessible, caused Parliament’s website to a couple of hours. Pro-Russian hacktivist group Killnet claimed responsibility for the attack. The hacktivist group has targeted hundreds of organizations around the world this year, with some limited small-scale successes taking websites offline for short periods of time. It has been a player in a larger wave of hacktivism.
After years of sporadic hacktivist activity, hacktivism has resurfaced on a large scale in 2022. The large-scale Russian invasion of Ukraine has spawned dozens of hacktivist groups on both sides of the conflict, while so-called hacktivist groups are launching increasingly destructive attacks in Iran and Israel. This new wave of hacktivism, which varies between groups and countries, is introducing new tactics and approaches and increasingly blurring the lines between hacktivism and government-sponsored attacks.
“I’m not going to say that hacktivism was dying, but it certainly had been dying for a while,” said Juan Andres Guerrero-Saade, chief threat researcher at security firm SentinelOne. Over the past four or five years, Guerrero-Saade explains, hacktivism has often come in extremes: low-level disruptions and more sophisticated attacks that can be a cover for nation-state hacking. “You have so many more players in the space and a much firmer middle ground between those two extremes,” Guerrero-Saade says of the current situation.
The Russian invasion of Ukraine in February sparked a wave of hacktivist activity. The old hacktivist collective Anonymous was revived, but new groups were also formed. Ukraine’s unparalleled IT Army, a volunteer group of hackers from around the world, has continuously launched DDoS attacks against Russian targets described in its Telegram group. In June there was a speech by Vladimir Putin delayed after a cyber attack. Other hacktivist-affiliated groups have conducted massive hack-and-leak operations against Russian entities, resulting in hundreds of gigabytes of data from Russia being published online.
On the other side of the conflict, there are four main pro-Russian hacktivist groups, said Sergey Shykevich, manager of the Threat Intelligence Group at security firm Check Point. These are: Killnet, NoName 057, From Russia With Love and XakNet. Killnet is probably the most active of these groups, says Shykevich. “Since April, they have attacked about 650 targets — only about 5 percent of them were Ukraine.” Like the European Parliament, the targets were largely countries that opposed Russia. The group, which primarily uses DDoS attacks, is proactive on Telegram, media-friendly, and speaks to Russian speakers.
DDoS attacks still occupy an inordinate place in modern hacktivism. An FBI notice, issued in early November, says those behind DDoS attacks have “minimal operational impact” on their victims. “Hacktivists often choose targets that are believed to have a greater perceived impact than an actual disruption to operations,” the FBI said. In other words, the barking is often worse than the biting.