Did the Russia-Ukraine war start a hacktivist revolution?

April 10, 2023
Hacktivist groups will only become bolder and more agile with their attempts to disrupt

This January marked one year since Russia’s first cyberattacks on Ukrainian critical infrastructure, beginning with government websites, followed by attacks on banks and government services on February 15. A wave of Wiper attacks on the telecom infrastructure system aligned with Russia’s physical invasion of the country, last February 24.

Since then, we’ve seen a surge of politically-motivated hacktivism and social engineering from different groups across the globe, cascading into a forced evolution of the international cybersecurity community’s response to cyber war.

But can the past year’s influx of global cyberattacks be solely attributed to the Russia-Ukraine conflict? Far from it.

After all, let’s reflect on some recent headlines, both related and unrelated to the war. In addition to the timely release of deadmau5’s pro-hacktivism song “Antisec”, the first month of 2023 consisted of a Swiss cybercriminal leaking an FBI’s No Fly List, Mexican hacktivist group, Guacamaya, leaking stolen data in retaliation of the exploitation of Latin American indigenous lands, and the findings of a pro-Iranian spoof site created by a Turkish volunteer hacking group who targeted Israel with Iranian malicious activity in 2022.

Wide Variety of Cybercrime, but A Common Theme Prevails

Like the myriad hacktivist attacks linked to the Russian-Ukrainian conflict since last January 2022, these politically motivated groups undertake campaigns leveraging public communication channels to influence public opinion. What’s more, we expect their misinformation efforts to become increasingly sophisticated.

Generative AI innovations made over the past few months, like ChatGPT, will only help make non-native language-speaking groups savvier and more prolific in their efforts, with remarkably convincing language content. This evolving dynamic in automation technology, as well as easy public access to it, adds a new variety of risks to infrastructures across the globe.

Ukraine-based hacktivist efforts from successful groups like IT Army have been accompanied by an onslaught of global support from outside volunteers. One of the most known collectives, known as Anonymous, admitted to leaking Kremlin-owned surveillance data and taking down Iranian drones and Kremlin-aligned government websites – just this year. From the pro-Russia side, KillNet and NoName057(16) launched campaigns against the Czech election, Danish banking systems, and healthcare sectors in 2023, targeting Ukraine and its NATO allies.

It’s clear the unprecedented cyber war, combined with rising global economic struggles and easy public access to new automation technology, enables independent politically motivated actors to take matters into their own hands. And, unlike the physical boundaries, limits, and visibility traditionally associated with war, this hacktivist movement poses a borderless threat at a global level. It creates a new merging and leveling of physical and cyber battlefields.

Public-Private Collaboration is Key

Effectively addressing these threats to Western democracies requires constant proactive and collaborative efforts from public and private partnerships. Such collaboration emerged to help Ukraine and other regions in times of need. In 2022, Trellix, Microsoft, Cisco, and Google all actively shared threat intelligence information with Ukraine and NATO governments, with the EU rapid response team lending support to the US side and have been removing malware worldwide and pre-empting cyberattacks throughout the conflict.

Similarly, the Russia-Ukraine conflict forced the U.S. administration to recognize the need to protect critical infrastructure and fight foreign information manipulation and interference. Events like SolarWinds, Hafnium, and Ukraine prompted bipartisan action from the administration and Congress on new security standards and funding to significantly build on the nation’s commitment and the work of past administrations.

As 2023 progresses, the same threats aren’t going anywhere. Hacktivist groups, no matter the cause they support or the desire for political or financial gain, will only become bolder and more agile with their attempts to disrupt. The past year’s cyber warfare activity only underscored the importance of international collaboration which we will see continue to rise to fight back against hackers with mal intent.

About the author: John Fokker is a Principal Engineer at Trellix. John leads the Threat Intelligence Group (TIG) that empowers Trellix customers, industry partners, and global law enforcement efforts with 24/7 mission-critical insights on the ever-evolving threat landscape. Prior to joining Trellix, he worked at the Dutch National High-Tech Crime Unit (NHTCU), the Dutch National Police unit dedicated to investigating advanced forms of cybercrime. During his career, he has supervised numerous large-scale cybercrime investigations and takedowns. Fokker is also one of the co-founders of the NoMoreRansom Project

About the Author

John Fokker | Principal Engineer at Trellix

John Fokker is a Principal Engineer at Trellix. John leads the Threat Intelligence Group (TIG) that empowers Trellix customers, industry partners, and global law enforcement efforts with 24/7 mission-critical insights on the ever-evolving threat landscape. Prior to joining Trellix, he worked at the Dutch National High-Tech Crime Unit (NHTCU), the Dutch National Police unit dedicated to investigating advanced forms of cybercrime. During his career he has supervised numerous large-scale cybercrime investigations and takedowns. Fokker is also one of the co-founders of the NoMoreRansom Project