Not Your Grandfather’s Hacktivists: How Hacktivism Has Evolved
Coral
  • Table of contents

The author

user_image
Coral Tayar
Share on LinkedIn

Security Researcher at Cyberint

Table of contents

Related Articles

Recent Supply Chain Attacks Examined
Research

The Weak Link: Recent Supply Chain Attacks Examined

We examine the recent supply chain attack growth, especially in 2022/3, the evolution of TTPs,...
Sep 28, 2025
Learn more
breach forums
Research

BreachForums The Latest Updates

The FBI, DOJ and others have taken control of BreachForums following a significant data leak...
Jul 24, 2025
Learn more
Research

Not Your Grandfather’s Hacktivists: How Hacktivism Has Evolved

Nov 14, 2024

Hacktivism – the practice of carrying out cyberattacks to advance political or social goals – is not new. Hacktivist attacks go as far back as the 1980s.

Yet today’s hacktivists often look and operate in ways that are markedly different from their predecessors. They’ve embraced new techniques, they often have more resources at their disposal and they can prove more challenging to stop.

As Complex Discovery notes based on recent ENISA survey data, businesses now face an “evolving cyber threat landscape, driven by growing geopolitical tensions and the increasing sophistication of cyber actors.”

Contending with the modern hacktivist threat requires an understanding of how hacktivism has changed and which defense techniques are necessary for mitigating hacktivism today.

Key developments in the evolution of hacktivism

To explain how hacktivism has changed over the years, let’s discuss some key developments and changes in the way hacktivists operate, as well as why they do what they do.

Crowdsourcing as a hacktivist strategy

Historically, most hacktivist groups worked independently. They planned and executed attacks entirely on their own.

But that has changed as hacktivists increasingly rely on crowdsourcing to help expand their attacks. Crowdsourcing allows them to make their campaigns public and invite anyone to contribute, which offers three key advantages from attackers’ perspective:

  • Increasing the scale and scope of attacks.
  • Make audiences feel like they are part of the attack, which increases support for the activity.
  • Increase the profile of attacks and gain publicity by involving more people.

Crowdsourcing has already become prominent within hacktivist campaigns associated with the Israel-Hamas conflict

Fig 1: Crowd Sourcing to campaign against Israel

 

and the Russia-Ukraine war. For example, in the context of the latter conflict, Telegram channels appeared inviting individuals to enlist in cyberwar efforts in support of Ukraine.

Fig 2: Crowdsourcing to campaign against Russia
Fig 2: Crowdsourcing to campaign against Russia

 

As a growth strategy, crowdsourcing can deliver dramatic results for hacktivist groups. For instance, as Dark Reading noted in 2022 about a hacktivist project sponsored by attackers sympathetic to Russia, “the crowdsourced DDoS project known as ‘DDoSia’ has grown exponentially, by 2,400%” in just one year..

Changing hacktivist ideologies

The goals and mindsets of hacktivists have also evolved. Today, hacktivism campaigns are often not aimed at destroying targets as much as changing people’s minds.

For example, when the Israel Aerospace Industries (IAI) website planned scheduled maintenance, a hacktivist group that knew in advance about the planned downtime published a statement announcing they had shut down the site. Even though they hadn’t, merely convincing people that they had was an effective way of creating a sense of vulnerability within their target group.

Nation-state influence

Historically, most hacktivists belonged to independent groups. But today, many are aligned at least to some extent with nation-states – a trend that is evident based on who hacktivists attack and the hours during which they are active.

Anonymous Sudan, whose members have been indicted by the U.S. government for cyberattacks on hospitals and other critical infrastructure around the world, is one example of a hacktivist group with nation-state ties.

Association with nation-states is significant because it translates to more resources for attacks because governments can provide them with financing and skilled technical personnel. It also means that they are more likely to focus on targets in specific countries or regions that are adversaries of the nation-states supporting the hacktivists.

Growing hacktivist networks

The tendency of today’s hacktivists to embrace outside support has also led many to form coalitions – such as the “Five Families” collaboration that Cyberint discovered on Telegram. Other prominent examples of hacktivist groups banding together include SiegedSec, GhostSec and Blackforums, to name just a few.

The main motive behind these collaborations is simple: Hacktivists have realized that by pooling their resources and acting in coordination, they can increase their impact. This is another example of why the hacktivist threat has become more challenging to contain.

Mitigating modern hacktivism

In short, hacktivism has evolved in ways that increase its effectiveness and the level of risk that hacktivist groups pose to businesses.

 

haccktivist main changest
Fig 3: Hacktivist Main Changes

 

The good news is that the core cyberdefense strategies that are effective at mitigating hacktivist threats have not changed. Effective Attack Surface Management, active vulnerability scanning and testing and threat intelligence remain key pillars of hacktivism defense. With these capabilities in place, organizations substantially reduce their risks of falling victim to hacktivist hacks.

Request a demo to learn more about how Cyberint can help mitigate hacktivist threats and other cyber risks.

Uncover your compromised credentials from the deep and dark web

Fill in your business email to start