The Cyber Defense eMagazine November Edition for 2023

However, many corporate cyber teams do not appear to be looking at these threat groups as seriously
as they should, putting their companies on the back foot, across a range of geographies. I argue that this
stems from a limited understanding of the geopolitical and security landscape and the developments
spawning these groups, as well as a weak grasp of how, when and why they operate, and who they are
intent on pursuing.
Real-world events – politics, war, sanctions – arguably exert the biggest influence over the tactics and
techniques employed by hacktivists. The Ukraine war is a case in point. It has led to the creation of new
– and the re-emergence of dormant – hacker groups. Each side in the conflict is now able to draw on
cyber actors willing to fight for their respective cause.
Ukraine’s volunteer ‘cyber army’ has impacted key Russian sectors, while pro-Russia groups have
launched widespread DDoS attack campaigns against European states over their support for Ukraine.
The latter have hit sectors such as banking, finance, energy, and transport. And, recently, they have
upped the ante by explicitly threatening to carry out what they describe as destructive hacks against
Western financial entities, in an attempt to paralyse global payment systems.
While most pro-Russia hacktivist groups stalking corporations do not appear to be capable of inflicting
significant damage or major financial loss, they nonetheless present a persistent disruptive threat. The
groups’ goals are to exert pressure and embarrassment, often making demands aimed at drawing
businesses deeper into their line of fire. It has forced more and more decision-makers to adopt a
defensive posture, for instance through enhanced DDoS protections. Such is the danger they pose that
the UK National Cyber Security Centre this year warned that these state-aligned groups intended to
launch “destructive and disruptive attacks”.
As a way of boosting their profile, hacktivists have also turned to brazen, coercive tactics and threats to
pressure their victims. This summer, the hacktivist group ‘Anonymous Sudan’, which supports Russia,
claimed responsibility for DDoS attacks against a major European airline and Microsoft365 services. And
the prolific pro-Russian ‘Killnet’ collective has escalated its threats, warning of physical attacks (such as
the burning of offices and the singling out of employees) of a target organisation. While such threats are
probably overblown, they are effective because of the psychological pressure they can place on
companies and their staff.
States’ leveraging of hacktivists complicates the threat to businesses. There has been growing evidence
of collusion between the Russian state and pro-Russia groups since the Ukraine war broke out in
February 2022. The cybersecurity firm Mandiant said earlier this year that it had identified three “so-called
hacktivist groups” that appeared to be working with – or operating as a front for – the Russian intelligence
agencies. An unverified, leaked US intelligence report this year revealed coordination between a pro-
Russia hacktivist group and the Russian FSB domestic security service in an operation that could
potentially have damaged a Canadian gas facility.
Many corporations do not have a sense of the hacktivist threat they face until they have been targeted.
However, with a greater understanding of the geopolitical landscape, cybersecurity teams would be better
equipped to identify and track developments or indicators that might place their organisation in hacktivist
crosshairs. A whole series of events during the Ukraine war have sparked a near-immediate response
Cyber Defense eMagazine – November 2023 Edition 64
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.