Hacktivist Activity in Russian-Ukraine War Persists

Hacktivist activity linked to the Russia-Ukraine war remains a persistent threat. CyberKnow, which has been monitoring the hacktivist threat since February 2022, has seen the number of active groups drop from over 130 in mid-2024 to around 80. Daily cyberattacks continue, with distributed denial of service (DDoS) attacks remaining the most common tactic. However, there’s been a noticeable rise in claimed ransomware and operational technology attacks.

Pro-Russian groups have been hit hard by internal conflicts and a Telegram exodus that shut down many channels used to coordinate attacks. Noname057(16), one of the most resilient groups, continues its daily DDoS attacks, through a crows-sourced tool called SSoSia, despite losing its main communication channels. Meanwhile, Cyber Army Russia Reborn has yet to resurface after its Telegram account was taken down.

On the Ukrainian side, groups like IT Army Ukraine have remained steadily active, organizing sustained DDoS attacks against Russian targets. These attacks are often aligned with military operations, targeting infrastructure like telecommunications networks in occupied areas to disrupt Russian command and control.

In the past six months, pro-Russian and pro-Palestinian hacktivist groups have begun coordinating attacks, targeting each others adversaries in a show of mutual support.

Russia-Ukraine War Hacktivist Timeline. Source: CyberKnow

Doxxing remains a popular tactic, with pro-Russian groups like JokerDPR exposing personal information of Ukrainian military personnel and foreign fighters. Meanwhile, hacktivist claims of successful ransomware and operational technology attacks raise questions about whether the perception of disruption can be just as impactful as an actual breach, especially with the increased risk and reputational pressure.

Despite the reduction in active groups, the Russia-Ukraine hacktivist landscape remains active. Well-established groups are unlikely to disappear completely and may turn to other geopolitical conflicts. As long as there are global tensions, hacktivist attacks will remain a threat.