Hacktivists are expanding beyond low-level distributed-denial-of-service (DDoS) attacks and website defacements to targeting critical infrastructure organizations in industries such as energy and utilities, manufacturing, transportation and telecoms.
A July 11 blog by Cyble reported that the shift from surface-level attacks to infrastructure-level interference demonstrated a growing strategic intent and technical capability in the hacktivist community.
The Cyble researchers said attacks on industrial control systems (ICS), data breaches, and access-based attacks now comprise 31% of hacktivist attacks, up from 29% in the previous quarter.
Italy was the most frequently targeted country in ICS attacks by hacktivists, followed by the United States, the Czech Republic, France and Spain. Much of the increase was tied to the rise last year of the Russia-linked Z-Pentest group.
“As global geopolitical tensions continue to rise, hacktivism is evolving and increasingly being used to disrupt, intimidate and score political points,” said James Maude, Field CTO at BeyondTrust. “We have seen groups evolve from large-scale DDoS and defacement into much more sophisticated threats targeting ICS, spoofing GPS signals in the Gulf region to disrupt shipping, and breaching Nobitex, a prominent Iranian cryptocurrency exchange.”
Maude added that the lines between hacktivism, cybercrime for profit and nation-state activities are now blurred. A group known as “Keymous+” appears to have been building alliances across multiple hacktivist groups to expand its reach, while also offering a for-hire DDoS service known as EliteStress.
Infrastructure in hacking crosshairs
Thomas Richards, infrastructure security practice director at Black Duck, added that hacktivist groups are growing bolder and more sophisticated with their capabilities. Richards said this Cyble research also brings to attention what experts have been warning about for years: ICS systems are often not secured properly and are at risk of compromise.
“For organizations that operate this infrastructure, they should be committing to making cybersecurity a top priority,” said Richards. “This should include a complete review and threat model of their external attack surface, reviewing how vendors access systems for maintenance, and making attempts to air gap critical systems to reduce the likelihood of a compromise.”
Jason Fruge, CISO-in-Residence at XM Cyber, pointed out that the accelerating rise of offensive AI ensures that sophisticated attacks will not only continue, but escalate in complexity and frequency. Fruge said with an unprecedented arsenal of AI-powered tools and capabilities at their disposal, threat actors can now orchestrate multi-pronged assaults with alarming precision. To counter this evolving threat landscape, CISOs must urgently adopt new defensive capabilities.
“It’s no longer sufficient to merely build static defenses,” said Fruge. “Defenders need the capability to assess their entire security posture continuously and dynamically. This includes understanding how threat actors might exploit identity, CVEs, and data exposures to weave through defensive layers and ultimately compromise critical assets like ICS. Proactive, adaptive, and AI-augmented defense is no longer an option, but a strategic imperative for survival.”