{"id":22897,"date":"2025-05-02T11:37:06","date_gmt":"2025-05-02T10:37:06","guid":{"rendered":"https:\/\/interface.media\/?p=22897"},"modified":"2025-05-02T11:37:12","modified_gmt":"2025-05-02T10:37:12","slug":"hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias","status":"publish","type":"post","link":"https:\/\/interface.media\/blog\/2025\/05\/02\/hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias\/","title":{"rendered":"Hacktivists at large: Why no organisation is safe from digital militias"},"content":{"rendered":"\n<p>The term itself may have <a href=\"https:\/\/web.archive.org\/web\/19970207061623\/http:\/info-nation.com\/skinhead.html\" target=\"_blank\" rel=\"noreferrer noopener\">been coined<\/a> in the late 1990s, but hacktivism is still thriving in the mid-2020s. In fact, what were once loosely connected and decidedly amateur activist groups are increasingly evolving into more highly skilled, focused and formidable \u201cdigital militias\u201d. And they are determined to make an impact.<\/p>\n\n\n\n<p>The bad news for corporate network defenders is that hacktivists can always contrive a pretence to attack. That means no organisation is safe. It\u2019s time to expect the unexpected.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-from-activism-to-impact\">From activism to impact<\/h3>\n\n\n\n<p>For many years, hacktivism was associated with groups like Anonymous and LulzSec. These organisations mainly used distributed denial of service (DDoS) attacks and web defacement to make political points. Although their rhetoric may have been fierce, these highly distributed collectives mainly worked to raise awareness of political causes. Notably, these included the Occupy movement, the Arab Spring, and the treatment of Julian Assange. Their campaigns rarely caused significant financial, reputational or operational harm to the chosen victims. 
Websites soon came back online, defaced pages were returned to normal, and the world quickly forgot about any non-sensitive information that may have been leaked.<\/p>\n\n\n\n<p>That\u2019s certainly not the case in 2025. The hacktivist groups we encounter today are usually focused on impact as well as attention. They want to hack and leak sensitive information, destabilise governments and businesses, and even disrupt critical services. As a result, they\u2019re more likely to be made up of a tighter inner circle of skilled operatives. These operatives then recruit carefully in secret and focus on operational security\u00a0(OpSec) to evade the authorities.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-understanding-the-drivers-for-hacktivism\">Understanding the drivers for hacktivism<\/h3>\n\n\n\n<p>Their motivation could be ideological, political, nationalist or simply opportunistic\u2014and in some cases, a blend of more than one of these drivers. Most tend to be ideologues focused on religious or geopolitical conflicts. Think: pro-Russian \u201cNoName057(16)\u201d, which accuses its detractors of \u201csupporting Ukrainian nazis\u201d, or GhostSec, which claims to fight for a free Palestine.<\/p>\n\n\n\n<p>Then there are the politically motivated groups that seek to influence government policy. SiegedSec has targeted conservative initiative Project 2025, while being a vocal participant in #OpTransRights. GlorySec, a likely South American group of self-described anarcho-capitalists, aligned with Taiwan in its attempt to break free from China\u2019s sphere of influence.<\/p>\n\n\n\n<p>Nationalist groups are less common but often go heavy on cultural symbols and patriotic rhetoric to justify their actions. The Indian \u201cTeam UCC\u201d likes to position itself as a defender of persecuted Hindus worldwide, especially in Bangladesh. 
Several pro-Russian groups also fit the nationalist mould, with prominent Russian flags and jingoistic pronouncements about defending the motherland.<\/p>\n\n\n\n<p>Opportunistic groups, on the other hand, seem to target victims simply because they are easy to hack. SiegedSec hacked into a Chinese messaging application\u2019s website, claiming that \u201cit\u2019s not secure at all\u201d, for example.&nbsp;<\/p>\n\n\n\n<p>The whole picture gets more confusing still, when one peers closer. The Israel-Hamas conflict has drawn in other groups for which this fight is not their main focus, such as TeamUCC (pro-Israel). Pro-Russian groups often side with China in disputes, for example. Also, GlorySec aligns with Ukraine, NATO, and Israel but seems unsupportive of trans rights. The bottom line is that these loose cannons could theoretically find a reason to turn their firepower on any potential target.\u00a0<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-hacktivism-cybercrime-and-state-level-attacks\">Hacktivism, cybercrime and state-level attacks<\/h3>\n\n\n\n<p>They do this using many familiar TTPs. DDoS is a favourite, with attacks now fairly straightforward to launch given the number of booter sites open for business. Although these attacks have become&nbsp;more advanced of late, incorporating multiple attack vectors to bypass traditional mitigations, they are relatively low impact. Likewise, web defacements are usually short-lived, even though some more recent attacks include malicious code injections&nbsp;to compromise victim networks.&nbsp;<\/p>\n\n\n\n<p>More concerning for organisations caught in the hacktivist crossfire are hack-and-leak campaigns. These campaigns are designed to exfiltrate and publish sensitive data via file-sharing platforms. 
Iranian state-aligned group Cyber Av3ngers\u00a0was a prolific exponent of this, <a href=\"https:\/\/gbhackers.com\/hack-private-power-station-in-israel\/\" target=\"_blank\" rel=\"noreferrer noopener\">sharing details<\/a> of SCADA systems from an Israeli facility, which were subsequently assessed to be recycled.<\/p>\n\n\n\n<p>The same group has been pegged for attacks on critical infrastructure systems, an increasingly popular tactic for hacktivists. <a href=\"https:\/\/www.fdd.org\/analysis\/2023\/12\/06\/iranian-hackers-compromise-american-water-utilities\/\" target=\"_blank\" rel=\"noreferrer noopener\">Its compromise<\/a> of Israeli-made industrial control <a href=\"https:\/\/interface.media\/blog\/2025\/03\/26\/mobile-security-qa-nuke-from-orbit-ceo-james-osullivan-talks-cybercrime-smartphones-and-ai\/\">devices<\/a> in utilities facilities led to much hand-wringing from American security experts, and residents in Ireland going without drinking water for two days.<\/p>\n\n\n\n<p>Perhaps most concerning are the increasingly blurred lines between hacktivism and cybercrime activity. Some groups, like CyberVolk, are using ransomware to fund their operations. Others have promoted a variant dubbed \u201cSMTX_GhostLocker\u201d, which seems to be developed by GhostSec. And some hacktivists, like Ikaruz Red Team, <a href=\"https:\/\/interface.media\/blog\/2025\/04\/29\/is-banning-ransomware-payments-the-right-approach\/\">use ransomware<\/a> to target their victims, although not ostensibly to generate profits.<\/p>\n\n\n\n<p>An equally concerning development is the alignment of state activity with hacktivism. 
This is most obvious in Russia, where groups like <a href=\"https:\/\/www.infosecurity-magazine.com\/news\/pro-russian-hacktivist-attacks\/\" target=\"_blank\" rel=\"noreferrer noopener\">NoName<\/a> and <a href=\"https:\/\/www.infosecurity-magazine.com\/news\/killnet-claims-us-airport-ddos\/\" target=\"_blank\" rel=\"noreferrer noopener\">KillNet<\/a> have long been suspected of government direction or arm\u2019s-length involvement. The UK\u2019s <a href=\"https:\/\/www.ncsc.gov.uk\/news\/heightened-threat-of-state-aligned-groups\" target=\"_blank\" rel=\"noreferrer noopener\">NCSC has warned<\/a> about the potential for destructive attacks by such groups.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-playing-the-long-game\">Playing the long game<\/h3>\n\n\n\n<p>Against this fast-evolving backdrop, the best response for CISOs is to get back on the front foot through investment in DDoS mitigation, and documenting and patching external systems to reduce the risk of defacements. For more sophisticated threats, the best approach is attack surface risk management (ASRM). This approach continuously monitors assets for security gaps and then recommends remediation steps. Combined with extended detection and response (XDR), it provides both resilience and rapid discovery and containment of threats before they can cause harm.<\/p>\n\n\n\n<p>Above all, plan for the long term. These digital militias aren\u2019t going anywhere.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>David Sancho, Senior Antivirus Threat Researcher at Trend Micro, investigates the threat of \u201chacktivism\u201d against the modern enterprise. 
<\/p>\n","protected":false},"author":480,"featured_media":22898,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"apple_news_api_created_at":"2025-05-02T10:37:10Z","apple_news_api_id":"f7384bcf-be5d-4dfb-a976-7c745f67c23f","apple_news_api_modified_at":"2025-05-02T10:37:11Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/A9zhLz75dTfupdnx0X2fCPw","apple_news_cover_media_provider":"image","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_cover_video_id":0,"apple_news_cover_video_url":"","apple_news_cover_embedwebvideo_url":"","apple_news_is_hidden":"","apple_news_is_paid":"","apple_news_is_preview":"","apple_news_is_sponsored":"","apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":[],"apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[3],"tags":[],"topic":[613],"class_list":["post-22897","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-interface","topic-cybersecurity"],"acf":[],"apple_news_notices":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.6 (Yoast SEO v26.6) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Hacktivists at large: Why no organisation is safe from digital militias - Interface<\/title>\n<meta name=\"description\" content=\"David Sancho, Senior Antivirus Threat Researcher at Trend Micro, investigates the threat of \u201chacktivism\u201d against the modern enterprise.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" 
content=\"Hacktivists at large: Why no organisation is safe from digital militias\" \/>\n<meta property=\"og:description\" content=\"David Sancho, Senior Antivirus Threat Researcher at Trend Micro, investigates the threat of \u201chacktivism\u201d against the modern enterprise.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/interface.media\/blog\/2025\/05\/02\/hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias\/\" \/>\n<meta property=\"og:site_name\" content=\"Interface\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-02T10:37:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-02T10:37:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/05\/iStock-1493931968.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1143\" \/>\n\t<meta property=\"og:image:height\" content=\"643\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Dan Brightmore\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dan Brightmore\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/interface.media\/blog\/2025\/05\/02\/hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias\/\",\"url\":\"https:\/\/interface.media\/blog\/2025\/05\/02\/hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias\/\",\"name\":\"Hacktivists at large: Why no organisation is safe from digital militias - 
Interface\",\"isPartOf\":{\"@id\":\"https:\/\/interface.media\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/interface.media\/blog\/2025\/05\/02\/hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/interface.media\/blog\/2025\/05\/02\/hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/05\/iStock-1493931968.jpg\",\"datePublished\":\"2025-05-02T10:37:06+00:00\",\"dateModified\":\"2025-05-02T10:37:12+00:00\",\"author\":{\"@id\":\"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748\"},\"description\":\"David Sancho, Senior Antivirus Threat Researcher at Trend Micro, investigates the threat of \u201chacktivism\u201d against the modern enterprise.\",\"breadcrumb\":{\"@id\":\"https:\/\/interface.media\/blog\/2025\/05\/02\/hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/interface.media\/blog\/2025\/05\/02\/hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/interface.media\/blog\/2025\/05\/02\/hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias\/#primaryimage\",\"url\":\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/05\/iStock-1493931968.jpg\",\"contentUrl\":\"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/05\/iStock-1493931968.jpg\",\"width\":1143,\"height\":643,\"caption\":\"David Sancho, Senior Antivirus Threat Researcher at Trend Micro, investigates the threat of \u201chacktivism\u201d against the modern 
enterprise.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/interface.media\/blog\/2025\/05\/02\/hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/interface.media\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hacktivists at large: Why no organisation is safe from digital militias\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/interface.media\/#website\",\"url\":\"https:\/\/interface.media\/\",\"name\":\"Interface\",\"description\":\"Delivering World Class Content \u201cFrom Executive, For Executive\u201c\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/interface.media\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748\",\"name\":\"Dan Brightmore\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/interface.media\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g\",\"caption\":\"Dan Brightmore\"},\"url\":\"https:\/\/interface.media\/blog\/author\/dbrightmore\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Hacktivists at large: Why no organisation is safe from digital militias - Interface","description":"David Sancho, Senior Antivirus Threat Researcher at Trend Micro, investigates the threat of \u201chacktivism\u201d against the modern enterprise.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_GB","og_type":"article","og_title":"Hacktivists at large: Why no organisation is safe from digital militias","og_description":"David Sancho, Senior Antivirus Threat Researcher at Trend Micro, investigates the threat of \u201chacktivism\u201d against the modern enterprise.","og_url":"https:\/\/interface.media\/blog\/2025\/05\/02\/hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias\/","og_site_name":"Interface","article_published_time":"2025-05-02T10:37:06+00:00","article_modified_time":"2025-05-02T10:37:12+00:00","og_image":[{"width":1143,"height":643,"url":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/05\/iStock-1493931968.jpg","type":"image\/jpeg"}],"author":"Dan Brightmore","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Dan Brightmore","Estimated reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/interface.media\/blog\/2025\/05\/02\/hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias\/","url":"https:\/\/interface.media\/blog\/2025\/05\/02\/hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias\/","name":"Hacktivists at large: Why no organisation is safe from digital militias - 
Interface","isPartOf":{"@id":"https:\/\/interface.media\/#website"},"primaryImageOfPage":{"@id":"https:\/\/interface.media\/blog\/2025\/05\/02\/hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias\/#primaryimage"},"image":{"@id":"https:\/\/interface.media\/blog\/2025\/05\/02\/hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias\/#primaryimage"},"thumbnailUrl":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/05\/iStock-1493931968.jpg","datePublished":"2025-05-02T10:37:06+00:00","dateModified":"2025-05-02T10:37:12+00:00","author":{"@id":"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748"},"description":"David Sancho, Senior Antivirus Threat Researcher at Trend Micro, investigates the threat of \u201chacktivism\u201d against the modern enterprise.","breadcrumb":{"@id":"https:\/\/interface.media\/blog\/2025\/05\/02\/hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/interface.media\/blog\/2025\/05\/02\/hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/interface.media\/blog\/2025\/05\/02\/hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias\/#primaryimage","url":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/05\/iStock-1493931968.jpg","contentUrl":"https:\/\/interface.media\/wp-content\/uploads\/sites\/3\/2025\/05\/iStock-1493931968.jpg","width":1143,"height":643,"caption":"David Sancho, Senior Antivirus Threat Researcher at Trend Micro, investigates the threat of \u201chacktivism\u201d against the modern 
enterprise."},{"@type":"BreadcrumbList","@id":"https:\/\/interface.media\/blog\/2025\/05\/02\/hacktivists-at-large-why-no-organisation-is-safe-from-digital-militias\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/interface.media\/"},{"@type":"ListItem","position":2,"name":"Hacktivists at large: Why no organisation is safe from digital militias"}]},{"@type":"WebSite","@id":"https:\/\/interface.media\/#website","url":"https:\/\/interface.media\/","name":"Interface","description":"Delivering World Class Content \u201cFrom Executive, For Executive\u201c","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/interface.media\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/interface.media\/#\/schema\/person\/7c33499ca8e42b097028109cccb22748","name":"Dan Brightmore","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/interface.media\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e9ca282f0ef431735a64685769ad57886e24b074c4c58314392755fb79164164?s=96&d=mm&r=g","caption":"Dan 
Brightmore"},"url":"https:\/\/interface.media\/blog\/author\/dbrightmore\/"}]}},"_links":{"self":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts\/22897","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/users\/480"}],"replies":[{"embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/comments?post=22897"}],"version-history":[{"count":1,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts\/22897\/revisions"}],"predecessor-version":[{"id":22899,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/posts\/22897\/revisions\/22899"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/media\/22898"}],"wp:attachment":[{"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/media?parent=22897"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/categories?post=22897"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/tags?post=22897"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/interface.media\/wp-json\/wp\/v2\/topic?post=22897"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}