Putin’s keyboard warriors are waging war on Europe

Last updated: 3 July 2025
russian hacktivism
Image by Cybernews

From busted water tanks to crashed government sites, pro-Russian hackers are forming new alliances to fight back in wars.

The Russia-Ukraine war has roared into the cyber battlefield. Since the eruption of the conflict, hacktivist armies have been launching DDoS attacks, defacing websites, and dumping stolen data to wield influence in this geopolitical conflict.

Fast-forward to 2025, and hacktivism is hotter than ever, fueled by Trump-era jitters about US military backing for Ukraine, a wave of European rearmament, and increasing defense spending.

ADVERTISEMENT

The #OpLithuania campaign erupted in May 2025 after Lithuania’s foreign minister slammed Putin for using delaying tactics to avoid sanctions during ceasefire discussions and called for a response that was “stronger than Russian aggression.”

In the wake of such a declaration, seven pro‑Russian hacktivist collectives, including the notorious Dark Storm Team and ServerKillers, attacked, crashing financial networks and government sites. Other groups, such as AnonSec and Keymous+ targeted other European countries in May 2025.

vilius Gintaras Radauskas Ernestas Naprys Paulina Okunyte
Don’t miss our latest stories on Google News.
Google News Follow us

Poland’s presidential elections on June 1st, 2025, also triggered keyboards. As officials hinted at more serious planning for potential conflict with Russia, pro-Russian hacktivist groups increased DDoS attacks on Polish digital infrastructure, which is a classic move in their propaganda playbook.

After Israel and the US attacked Iran on June 12th, 2025, a wave of pro-Iranian and Middle Eastern hacktivist groups flooded cyberspace with attacks in solidarity with Tehran.

Iran has been arming Russia throughout the war, so the digital warfare followed suit. Pro-Russian groups TwoNet and Server Killers claimed credit for DDoS attacks on Israeli targets.

New hacktivists are arming themselves

Cybersecurity firm Intel471 says that new alliances in the underground hacktivist scene have formed in recent months.

ADVERTISEMENT

The top hacktivist group has been NoName057(16). It first emerged in March 2022 and targets at least one or two victims a week, sometimes many more. According to Intel471's findings, it usually attacks NATO countries or other entities supporting Ukraine.

noname057(16) attack
The NoName057(16) group published this screenshot after claimingresponsibility for the defacement of the Lithuania-based freight company ExpressTrip July 4th, 2022. Source: Intel471

A new pro-Russian hacktivist group, the IT Army of Russia, has also entered the scene. The group first emerged in late March 2025 and started broadcasting operations via the Duty-Free underground forum and Telegram channel.

This group uses DDoS attacks to target Ukrainian digital infrastructure. The hacktivists also solicit insider information that could benefit Russian forces in the ongoing war in Ukraine.

Another new group that emerged in January 2025, is TwoNet. As claimed on Telegram channel, the group consisted of 40 members involved in hacking, software development and open source intelligence (OSINT) research. The group has mainly targeted digital infrastructure in Spain, Ukraine, and the UK, focusing its attacks on entities within the aviation, government, tech, media, and telecom sectors.

State-backed hacktivism?

The question that won't die: are pro-Russian hacktivist groups covert arms of the Russian state?Suspicion hit a new high in July 2024 when the US Treasury sanctioned two key figures tied to the Cyber Army of Russia Reborn (CARR). Yuliya Pankratova was named the group’s leader, and Denis Degtyarenko was named its main hacker. Both were allegedly behind cyber ops targeting US critical infrastructure.

Hactivist alliances
This image depicts a link diagram of new alliances allegedly formed between the monitored hacktivist groups between March 31st, 2025, and May 4th, 2025. Source: Intel471

CARR had started out as just another DDoS crew in Russia’s war toolbox, lashing out at Ukraine and its Western allies. But by late 2023, they were leveling up, claiming hits on industrial control systems (ICS) across Europe and the US, including a brazen attack on a water facility in Texas that reportedly overflowed storage tanks.

While the US Cybersecurity and Infrastructure Security Agency (CISA) has not openly tied CARR to the Russian government, others have made the connection. Mandiant, Google’s threat intel division, has presented evidence indicating a close operational overlap between several pro-Russian hacktivist groups and Russia’s General Staff Main Intelligence Directorate (GRU).

ADVERTISEMENT

In January 2025, the Ukrainian OSINT group Molfar also dropped a dossier outing over 10 alleged members of both CARR and NoName057(16). The leak included names, faces, and personal info, some of them Ukrainian nationals who had flipped to support Russia.

Molfar claims some of these individuals have ties to Russian state structures and are funded accordingly.

Share
Post
Share
Share
Share
More from Cybernews
Saudi industrial services group breached, hackers claim
Estimating age with augmented cameras in tobacco shops is a no-go, CNIL says
Law enforcement authorities bust international Microsoft scam call center
JD Vance’s Disneyland vacation sparks outrage, mockery
Samsung may be turning jewelry into AI-driven devices
A simple radio hack can emergency stop any train in North America, researchers warn
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked