www.darkreading.com
2606:4700::6812:6d2f
Public Scan
URL:
https://www.darkreading.com/threat-intelligence/russian-hacktivism-takes-toll-organizations-ukraine-eu-us
Submission: On October 04 via api from TR — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
RUSSIAN HACKTIVISM: FLASHY NON-EVENTS OR SERIOUS THREAT?

While it's tempting to dismiss Russian hacktivist DDoSing as all sizzle and no steak, experts warn the cyberattacks can cause serious damage -- and are poised to become more and more dangerous

Nate Nelson, Contributing Writer, Dark Reading
October 04, 2023

Though sometimes they appear to be all bark and no bite, experts say Russian hacktivist groups are in fact having a serious impact on organizations in Ukraine and NATO countries.

Pro-Russian hacktivism has exploded since the beginning of the Ukraine war. Led by the now-infamous KillNet, nationalist hackers have been orchestrating attacks against any government or corporation voicing opposition to Putin's invasion.

Many of them are empty PR stunts — for example, KillNet's takedown of the UK royal family's official website on Sunday — harking back to the days of Anonymous. But experts warn that not only are these groups doing actual harm, they're also planning bigger and badder things to come.

"Some are nuisance attacks on public-facing websites that just kind of make a statement," says Michael McPherson, a 24-year FBI veteran, now senior vice president of technical operations at ReliaQuest. "But you see them also target critical infrastructure like hospital systems, which is much more significant, and much more impactful."

THE LANDSCAPE OF RUSSIAN HACKTIVIST GROUPS

The distributed denial-of-service (DDoS) attack has played a distinct role in the past decade's Russia-Ukraine conflict, including in the latest invasion.

"DDoS is what kicked the whole thing off, right?" points out Richard Hummel, senior threat intelligence lead at Netscout.
"That's the first thing that hit the media, government, and financial organizations in Ukraine before Russia invaded."

As the war went on, the buck seemed to pass from known state-sponsored groups to hacktivist outfits. However, McPherson cautions, "the lines are blurring, and attribution is much more challenging than it has been in the past."

Whoever they are or are affiliated with, these groups will target any organizations or individuals who speak out against the war. For example, "President Biden speaks at the G7 summit — the number one spike in DDoS attacks for that day is against the United States government," Hummel explains.

Since then, there has been a noticeable evolution in the organization, capabilities, and methods of the groups performing such attacks.

"KillNet comes out and they're legion-strong," Hummel says. "And then they start to fracture and splinter into different subcomponents, so you've got multiple factions of KillNet supporting different agendas, and different facets of the government. Then you have DDoSia, you have Anonymous Sudan, which we firmly believe is part of KillNet, and you have NoName. So you've got all these sort of splinter cells."

It's part of the reason for the recent explosion of DDoS activity around the world. In H1 2023 alone, Netscout recorded nearly 7.9 million DDoS attacks — around 44,000 a day, a 31% growth year-over-year.

RUSSIAN HACKTIVISTS' EVOLVING TACTICS

DDoS-focused groups are not only more active today than ever, says Pascal Geenens, director of threat intelligence at Radware, they're also more sophisticated.

"When the war started back in February 2022, and these new threat actors came to the scene, they were inexperienced. They were not well organized. And now after more than a year-and-a-half of building experience — these people did nothing else, every day, for the last 18 months, you can imagine they became better at what they're doing," he says.

Geenens cites NoName, a group Radware covered extensively in its H1 2023 Global Threat Analysis Report, as a good example of a matured hacktivist threat. Where typical DDoS attacks involve simply overloading a target site with garbage traffic, NoName has adopted a different approach.

About a year ago, he explains, the group started employing tools for analyzing Web traffic to targeted websites, "something that sits in the middle of your browser and the website, and records all the variables and all the information that gets passed between. So what they do is: they find the pages that are most impactful for the backend of that website, for example, a feedback form that somebody can fill in, or a page where you have a search box. And they will submit legitimate requests to those forms."

This more directed approach enables the group to do more with less. "Anonymous Sudan is doing 2-3 million requests per second. That's not what you're gonna see from NoName. NoName might come at you with 100,000 to 150,000 requests per second, but they are so narrowed down to those things that impact backend infrastructure that they bring down a lot of sites," Geenens says.

Whether it's NoName's more sophisticated tactics or Anonymous Sudan's sheer volume of traffic, hacktivist groups are proving themselves able to affect large and important organizations in sometimes meaningful ways.

HACKTIVISTS' AMBITIONS ARE GROWING

"In the beginning of the war, there were a lot of government, hospital, and travel websites, but there was no real impact on the business itself — it was just a website that was down. Now I see them targeting ticketing services for public transport, payment applications, and even third-party APIs that are used by many other applications, and causing more impact," Geenens says.

As just one of many recent examples, last month, a NoName attack against Canada's Border Services Agency caused significant delays at border checkpoints throughout the country.

Evidence suggests groups like NoName and KillNet will continue to mix empty PR grabs with meaningful attacks, but they may go even further still. Geenens points out how KillNet's leader, KillMilk, has expressed interest in incorporating wipers into the group's attacks.

"He even started an idea," Geenens warns, "where he wanted to create a paramilitary cyber army — a little bit modeled after the Wagner Group, which is a physical army, but he wants to do that for cyber. So building that influence and building a cyber army that will work for the highest bidder and perform destructive cyber attacks."
Copyright © 2023 Informa PLC. Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.