Search results for hacktivist | Breaking Cybersecurity News | The Hacker News

In the past 2 years, we have observed a significant surge in hacktivism activity due to ongoing wars and geopolitical conflicts in various regions. Since the war against Ukraine began, we have witnessed a notable mobilization of non-state and state-backed actors alike, forming new groups or joining existing hacker collectives.  We understand hacktivism as a form of computer hacking that is done to further the goals of political or social  activism 1 . While  activism  describes a normal, non-disruptive use of the Internet in order to support a specific cause (online petitions, fundraising, coordinating activities),  hacktivism  includes operations that use hacking techniques with the intent to disrupt but not to cause serious harm (e.g., data theft, website defacements, redirects, Denial-of-Service attacks). Cyber operations that inherit a willingness or intent to cause harm to physical property, severe economic damage or loss of life would be referred to...

Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date. "The group uses double extortion tactics, combining data theft with encryption to pressure victims into paying ransoms," Check Point Research said in a new report shared with The Hacker News. "Notably, FunkSec demanded unusually low ransoms, sometimes as little as $10,000, and sold stolen data to third parties at reduced prices." FunkSec launched its data leak site (DLS) in December 2024 to "centralize" their ransomware operations, highlighting breach announcements, a custom tool to conduct distributed denial-of-service (DDoS) attacks, and a bespoke ransomware as part of a ransomware-as-a-service (RaaS) model. A majority of the victims are located in the U.S., India, Italy, Brazil, Israel, Spain, and Mongolia. Check Point's analysis of the group...

The hacktivist group Anonymous has launched a massive cyber attack against the Islamic State of Iraq and Syria (ISIS) — the radical Islamic terrorist group who were  responsible for the terrorist attack against the Paris offices of satirical magazine Charlie Hebdo . With huge social media presence, ISIS is the most active terror group on Facebook, Twitter, YouTube and Instagram accounts. But unluckily, over dozens of Facebook and Twitter accounts linked to ISIS has recently been taken by the Anonymous group. In a video appeared on Youtube, Anonymous group and RedCult announced the operation  #OpISIS  and claimed to have carried out cyber attack against hundreds of Twitter and Facebook accounts used by ISIS for its own propaganda and to recruit new members. According to the video, Operation  #OpISIS  is coordinated by "Muslims, Christians, Jews"  alike and a masked individual discusses the aim of the campaign. They are " ...

A hacktivist group known as Twelve has been observed using an arsenal of publicly available tools to conduct destructive cyber attacks against Russian targets. "Rather than demand a ransom for decrypting data, Twelve prefers to encrypt victims' data and then destroy their infrastructure with a wiper to prevent recovery," Kaspersky said in a Friday analysis. "The approach is indicative of a desire to cause maximum damage to target organizations without deriving direct financial benefit." The hacking group, believed to have been formed in April 2023 following the onset of the Russo-Ukrainian war, has a track record of mounting cyber attacks that aim to cripple victim networks and disrupt business operations. It has also been observed conducting hack-and-leak operations that exfiltrate sensitive information, which is then shared on its Telegram channel. Kaspersky said Twelve shares infrastructural and tactical overlaps with a ransomware group called DARKSTA...

A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos. "The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the administrative console, that was then used to issue malicious commands and deploy PathWiper across connected endpoints," researchers Jacob Finn, Dmytro Korzhevin, and Asheer Malhotra said in an analysis published Thursday. The attack is assessed to be the work of a Russia-nexus advanced persistent threat (APT) actor based on the tradecraft observed and the overlapping capabilities with destructive malware used in attacks against Ukraine. Talos said the commands issued by the administrative tool's console were received by its client running on the victim endpoints and then executed as a batch (BAT) file. The BAT file, in turn, consisted of a command to run a malicious Visu...

Federal prosecutors in the U.S. have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire that conducted a record 35,000 DDoS attacks in a single year, including those that targeted Microsoft's services in June 2023. The attacks, which were facilitated by Anonymous Sudan's "powerful DDoS tool," singled out critical infrastructure, corporate networks, and government agencies in the United States and around the world, the U.S. Department of Justice (DoJ) said. Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, have been charged with one count of conspiracy to damage protected computers. Ahmed Salah has also been charged with three counts of damaging protected computers. If convicted on all charges, Ahmed Salah faces a statutory maximum sentence of life in federal prison, while Alaa Salah faces a maximum sentence of five years in federal prison. The DDoS tool is said to have been disabled in March 2024, the same...

At least three alleged hacktivist groups working in support of Russian interests are likely doing so in collaboration with state-sponsored cyber threat actors, according to Mandiant. The Google-owned threat intelligence and incident response firm  said  with moderate confidence that "moderators of the purported hacktivist Telegram channels 'XakNet Team,' 'Infoccentr,' and 'CyberArmyofRussia_Reborn' are coordinating their operations with Russian Main Intelligence Directorate (GRU)-sponsored cyber threat actors." Mandiant's assessment is based on evidence that the leakage of data stolen from Ukrainian organizations occurred within 24 hours of  malicious wiper incidents  undertaken by the Russian nation-state group tracked as  APT28  (aka Fancy Bear, Sofacy, or Strontium). To that end, four of the 16 data leaks from these groups coincided with  disk wiping malware attacks  by APT28 that involved the use of a strain dubbed  CaddyWiper . APT...

Barrett Brown , a journalist, formerly served as an unofficial spokesman for the hacktivist collective Anonymous, finally walked free from prison on Tuesday morning after serving more than four years behind bars. The Dallas-born investigative journalist was arrested in 2012 from his home while he was in the middle of an online chat after posting tweets and YouTube video threatening revenge against an FBI agent. Brown, 35, initially attracted the law enforcement attention in 2011 when he shared a hyperlink to an IRC (Internet Relay Chat) channel where Anonymous members were distributing stolen information from the hack at security think tank Strategic Forecasting or Stratfor. The hack allegedly exposed 200 gigabytes of data, which included email addresses and credit card information from Stratfor clients, including the US Army, US Air Force, and Miami Police Department. Originally facing sentence to more than 100 years in prison, Brown was convicted in January 2015 under ...

After targeting the Islamic State (ISIS) group in the wake of Deadly terror attacks in Paris, hacktivist group Anonymous has now turned its attention to controversial US presidential candidate Donald Trump . The hacktivist group has declared war against Donald Trump following his recent radical speech stating he wanted to ban Muslims from entering the United States. Anonymous vs. Donald Trump On Wednesday, Anonymous slams Trump by posting a YouTube video in which a man in a Guy Fawkes mask says: "Donald Trump, it has come to our attention that you wish to ban all muslims from entering the United States. Muslims and Islam are not the problem. This policy will have grave impact and will serve only to fuel the emotions that ISIS uses to recruit muslims. Certainly ISIS will use this to their advantage in their social media campaigns. Instead of focusing on the innocent, the focus should be set on ways to protect them from the radicalized individuals they flee. Dona...

New research has linked the operations of a politically motivated hacktivist group known as Moses Staff to another nascent threat actor named  Abraham's Ax  that emerged in November 2022. This is based on "several commonalities across the iconography, videography, and leak sites used by the groups, suggesting they are likely operated by the same entity," Secureworks Counter Threat Unit (CTU)  said  in a report shared with The Hacker News. Moses Staff, tracked by the cybersecurity firm under the moniker  Cobalt Sapling , made its  first appearance  on the threat landscape in September 2021 with the goal of primarily targeting Israeli organizations. The geopolitical group is believed to be  sponsored  by the Iranian government and has since been linked to a string of espionage and sabotage attacks that make use of tools like  StrifeWater RAT  and open source utilities such as  DiskCryptor  to harvest sensitive informatio...

The mother of alleged Anonymous hacktivist Barrett Brown has pleaded guilty to helping her son hide two laptop computers from federal investigators. Brown's mother, Karen McCutchin , pleaded guilty last week to a charge of obstructing the execution of a search warrant. She faces a maximum sentence of 12 months in prison and a $100,000 fine. Sentencing has not yet been scheduled. On March 6, 2012, officers with the Federal Bureau of Investigation raided Brown's Dallas, Texas apartment in an attempt to execute a search warrant for computers that could contain information involving hacktivist group Anonymous and LulzSec. The feds hadn't found all the computers they were looking for during a search of Brown's apartment that morning and Brown, located at his mother's house, refused to volunteer them. Karen McCutchin Plea Agreement Barrett Brown is expected to stand trial in September, at which point he will have spent an entire year behind bars witho...

The U.S. Department of Justice yesterday announced updates on two separate cases involving cyberattacks—a Swiss hacktivist and a Russian hacker who planned to plant malware in the Tesla company. A Swiss hacker who was involved in the intrusion of cloud-based surveillance firm Verkada and exposed camera footage from its customers was charged by the U.S. Department of Justice (DoJ) on Thursday with conspiracy, wire fraud, and identity theft. Till Kottmann (aka "deletescape" and "tillie crimew"), 21, of Lucerne, Switzerland, and their co-conspirators were accused of hacking dozens of companies and government agencies since 2019 by targeting their "git" and other source code repositories and posting the proprietary data of more than 100 entities on a website called git[.]rip, according to the indictment. Kottmann is alleged to have cloned the source code and other confidential files containing hard-coded administrative credentials and access keys, using th...

A hacktivist collective called  GhostSec  has claimed credit for compromising as many as 55 Berghof programmable logic controllers ( PLCs ) used by Israeli organizations as part of a "Free Palestine" campaign. Industrial cybersecurity firm OTORIO, which  dug deeper  into the incident, said the breach was made possible owing to the fact that the PLCs were accessible through the Internet and were secured by trivially guessable credentials. Details of the compromise first came to light on September 4 after GhostSec shared a video on its Telegram channel demonstrating a successful login to the PLC's admin panel, in addition to dumping data from the hacked controllers. The Israeli company said the system dumps and screenshots were exported directly from the admin panel following unauthorized access to the controllers through their public IP addresses. GhostSec (aka Ghost Security), first identified in 2015, is a self-proclaimed  vigilante group  that was i...