The Influence of Regional Conflicts on the Hacktivist Landscape


In today’s volatile global landscape, regional conflicts are no longer confined to physical borders—they are increasingly playing out in the cyber domain, with hacktivist groups taking center stage.

The Evolving Hacktivism Threat

Two years after Russia’s invasion of Ukraine in late February 2022, the Russo-Ukrainian conflict has significantly transformed the hacktivist landscape. While hacktivism activities were once much less prevalent and had minimal impact, this conflict has introduced an unprecedented rise in hacktivist cyber activity. The war has spurred the rise of numerous new hacktivist groups and led to the evolution of their tactics.

Similarly, the Israel-Hamas conflict, which began in early October 2023, has sparked a dramatic surge in cyber attacks. Both conflict zones are marked by constant shifts, with some hacktivist groups disbanding and new ones continuing to emerge. Our analysis reveals that around 120 pro-Palestinian groups have recently targeted Israel, while approximately 90 pro-Russian hacktivist groups are focusing on Ukraine and its allies. These groups are fluid, with their numbers and activities continuing to rise. Both conflicts share common threat vectors, including distributed denial-of-service (DDoS) attacks, website defacement attacks, and various hacks and breaches that often result in data leaks.

Cognyte’s LUMINAR Threat Intelligence Group has analyzed a wide range of threat group activities in the hacktivism domain, and three notable trends have emerged:

1. Increasing nation-state influence

2. Shifting alignments of hacktivism groups

3. Intensifying impact of globalization

Read on to find out what is behind these shifts in the hacktivism landscape.

High-Profile Events Fuel Hacktivist Activity

According to data obtained by LUMINAR’s threat intelligence analysis, hacktivist activity tends to peak in response to high-profile, large-scale international events, as these groups seek to gain notoriety and boost their reputation. The LUMINAR Team has observed significant spikes in attacks following events such as the EU Parliament elections and the 2024 Paris Olympic Games. For example, during the first three days of the Olympic Games, we detected that at least eight hacktivist groups targeted event-related organizations and networks, indicating a significant and large-scale campaign. The incidents involved different types of attack vectors, including DDoS, website defacement and additional alleged hacking incidents. The threat actors involved in these attacks used Telegram to publish messages accusing Olympics organizers of “Russophobia” and expressing anti-Western and anti-Israel sentiments.

A notable recent case is the massive DDoS campaign against France, sparked by the arrest of Telegram CEO Pavel Durov by French authorities on August 24, 2024. DDoS attacks on French websites began shortly after, on August 26, led by a mix of pro-Russian and pro-Palestinian hacktivist groups. Their targets have included government agencies and private companies, with over 50 French organizations impacted so far. These groups often use the hashtags #FreeDurov and #opDurov, and their motivations vary—some express support for Telegram and Durov, while others cite patriotic motives, rallying behind a fellow Russian national.

Image used by a hacktivist group to boast about DDoS attacks performed following Durov’s arrest, published on Telegram

With the escalation of recent geopolitical conflicts, particularly the Russo-Ukrainian War and the Israel-Hamas War, three significant trends in hacktivism have emerged:

1. Increasing Nation-State Influence

Traditionally, hacktivist groups have been characterized by their anti-establishment stance, driven by activism and opposition to national interests. With the onset of the Russo-Ukrainian war, this landscape has evolved, as hacktivist groups increasingly align themselves with national agendas and geopolitical motives, supporting their nation’s interests in geopolitical conflicts. Despite this shift, many still present themselves as “independent” actors, avoiding any open acknowledgment of direct ties to nation-state actors. Yet, it is becoming increasingly clear that APT (advanced persistent threat) groups are exerting growing influence on the hacktivism landscape, blurring the lines between hacktivist groups and nation-state actors. These connections can be operational—where a hacktivist group claims responsibility for an APT group’s actions—or financial, with nation-states providing resources that enhance the group’s capabilities, escalating the threat and impact of successful attacks. APT groups are stealthy threat actors, typically state or state-sponsored, that carry out network breaches which remain undetected for an extended period of time. APT groups may also be non-state-sponsored groups conducting large-scale targeted intrusions to achieve specific goals.

In some cases, APT groups engage in “faketivism,” where they create and nurture hacktivist personas to mask their identity and maintain deniability for their actions. While faketivism has been around for at least a decade, recent studies and incidents indicate a marked increase in both its frequency and scale. For example, security researchers have suggested that a prominent pro-Iranian hacktivist group is, in fact, a front for Iran’s Islamic Revolutionary Guard Corps (IRGC). Similarly, a Russia-aligned APT group has been found to be actively cultivating hacktivist personas through multiple Telegram channels. The growing influence of APT groups in this arena adds a new layer of complexity to the analysis of these groups, including their tactics, techniques, and procedures (TTPs), as well as their overall threat level.

2. Shifting Alignments of Hacktivism Groups

In parallel to the increasing impact of nation-state actors in this landscape, we’ve observed notable shifts in hacktivists’ motivations. Before the onset of the Israel-Hamas conflict, pro-Russian hacktivist groups primarily targeted entities related to the Russo-Ukrainian conflict, focusing on Ukraine and its allies. However, following Hamas’ October 7 attack on Israel, several Russia-aligned groups, both established and emerging, have expressed pro-Palestinian support and initiated cyber-attacks against Israel. On the other side of the coin, a number of pro-Palestinian hacktivist groups that previously targeted Israel and its allies have now begun aligning with Russian interests. This indicates a significant shift in alignment for nationalistically motivated hacktivist groups, as pro-Palestinian groups have begun targeting countries perceived as Ukrainian allies, while pro-Russian groups increasingly attack Israel and its allies.

3. Intensifying Impact of Globalization

The shift in hacktivists’ motivations has also sparked another emerging trend: increased international collaboration among hacktivist groups with diverse agendas. Recently, several global collectives have formed, bringing together many hacktivist groups from various regions and backgrounds. While alliances and partnerships are not new in this landscape, the growing cooperation between groups with differing targets, TTPs, and threat vectors is notable. This trend is likely to lead to more sophisticated and complex joint attacks, amplifying the threat they pose.

Our analysis has revealed that more than two years after the Russo-Ukrainian war gave new life to the hacktivism landscape, it continues to evolve at a rapid pace. The emerging trends we’ve highlighted above are particularly impactful, with the potential to fundamentally reshape both the cyberthreat landscape and how regional conflicts play out.


Threat Intelligence Is Critical for Combatting Hacktivism

As hacktivist activity evolves, organizations in sectors such as government, critical infrastructure, finance, healthcare, and technology must remain vigilant to counter these rapidly changing threats. Threat intelligence solutions like LUMINAR, which analyze diverse sources including the deep and dark web, group messaging, and other platforms, provide essential early warnings and situational awareness to combat sophisticated hacktivist threats. Features such as LUMINAR’s GenAI risk scoring assistant help in monitoring various threat actors, including hacktivist groups, allowing organizations to stay ahead of disruptive campaigns. Comprehensive platforms offering capabilities like vulnerability intelligence, external attack surface management, and threat actor profiling enable a proactive approach, helping organizations swiftly address emerging threats and significantly reduce the risk of hacktivism.


Tanya Gottdiener, Threat Intelligence Product Analyst

Tanya is a Threat Intelligence Product Analyst for the LUMINAR Threat Intelligence team. Tanya is responsible for analyzing trends in the Deep and Dark Web as well as researching APT, cybercrime and hacktivist attacks worldwide. She holds an M.A. in International Relations and Affairs from the Hebrew University and studied Mandarin at Sichuan University.