As pro-Russian hacktivist groups become progressively more organized, their ranks could grow with far more resourceful cadres tied to the government.
The cyberwar, which intensified with Russia‘s invasion of Ukraine, reads like an obituary to the internet triumphalism of the ‘90s. While many hackers flocked to assist Ukraine, a country illegally invaded by its neighbor, online space quickly proved to be nothing more but an extension of real-world woes.
Far from supporting democracy or freedom of speech, as tech utopians predicted three decades ago, pro-Russian threat actors openly discuss the benefits of Russia using a nuclear weapon against the civilian population of Ukraine.
“This war is setting many precedents, but one of the most significant from a cyber perspective is the rise in civilian hacker armies. That is an example that is likely to be repeated in all future conflicts,”Hijazi told Cybernews.
Sporadic at first, pro-Russian hacker groups, such as Xaknet, Killnet, Legion, Cyber Army of Russia, and others, consolidated since the outbreak of the war back in February. According to Nataliia Zdrok, Cyber Intelligence Analyst at cybersecurity firm Binary Defense, hacktivism has been an upward trend in Russia since the invasion began.
“There is a strong anti-Ukrainian and anti-Western attitude among many pro-Russian groups stoked by the war. This attitude is frequently accompanied by aggressive language, ethnic insults, and sarcastic jokes meant to degrade Ukrainians or other people that hacktivists consider unfriendly to Russia,” Zdrok told Cybernews.
Harbingers of the future
Data gathered by open-source intelligence researcher CyberKnow shows that pro-Russian hacktivist gangs outnumber pro-Ukrainian groups. However, six months ago, pro-Ukrainian hacktivists outnumbered Russia’s supporters almost two to one.
In part, pro-Kremlin actors started to organize due to the evident failure on the homefront and the battlefield: Russia has become isolated, and the war is draining its financial and human resources. With all this in mind, says Karim Hijazi, CEO of cyber intelligence company Prevailion, it’s no wonder Russians started to regroup online.
“From the earliest days of this war, we have seen the rise of partisan, or patriotic, hackers launching their own independent attacks. This war is setting many precedents, but one of the most significant from a cyber perspective is the rise in civilian hacker armies. That is an example that is likely to be repeated in all future conflicts,” Hijazi said.
Hacktivist groups, supposedly driven by patriotic ideals, may prove a valuable asset in times of conflict. One advantage they provide is real-time time response to battlefield realities.
Sharing news in Telegram channels and other social media platforms, hacktivist groups closely monitor current events on the frontline as well as in the international arena. For example, Zdrok claims that XakNet took down the servers of the Ukrainian surveillance and guidance system “Kropiva.”
“They believe that the blockade helped to significantly reduce the capabilities of the Ukrainian army on the front line,” Zdrok explained.
Days before the US midterm elections, Cyber Army of Russia said, “every self-respecting Russian hacker should interfere in American elections.” A sentiment repeated by Russian businessman Yevgeny Prigozhin, the founder of the private military company Wagner Group, the next day.
To make the most of its supporters, the Kremlin could offer them assistance from more advanced state-affiliated actors, who could pretend they’re patriotic hacktivists, offering a helping hand in need, Hijazi thinks.
“This is not only possible with the Russian government or ex-government actors, but also government actors from other countries that support Russia – most notably Iran,” Hijazi told Cybernews.
Unlike state-sponsored advanced persistent threats (APTs), hacktivists often operate with less sophisticated tools. Many prominent pro-Russian collectives, such as Killnet, use distributed denial-of-service (DDoS) attacks against their victims.
The effectiveness of DDoS attacks has been questionable – especially against well-protected targets such as large, multinational financial institutions. The Federal Bureau of Investigation (FBI) recently said that Russian “hacktivists select targets perceived to have a more significant impact rather than an actual disruption of operations.”
However, Zdrok claims that limited open-source reporting indicates that many victimized companies experience reputational damage. Even if hacktivist attacks cause nothing more than a minor inconvenience to the customers of targeted companies, mitigating them requires time and money.
“Companies and government agencies that should be focused on other things will have to turn their attention to this hacktivist threat. These attacks also create a lot of ‘noise’ that could be exploited by other more devious groups,” Hijazi said.
For example, a DDoS attack from a hacktivist group could serve as a cover for a sophisticated breach against an organization focused on mitigating a seemingly low-skilled DDoS attack.
“The most famous hacktivist groups are distinguished by their organized operations, which enable them to not only launch organized attacks but also draw in more experienced hackers driven by the same ideology,”Zdrok said.
Risk of escalation
Pro-Russian hacktivist groups have become more coordinated since February, and there are more of them. The newer hacktivist groups recognize there is strength in numbers and opt to form collectives, sometimes made up of five or more groups.
“The most famous hacktivist groups are distinguished by their organized operations, which enable them to not only launch organized attacks but also draw in more experienced hackers driven by the same ideology,” Zdrok explained.
Adding highly skilled hackers to ideologically motivated groups may encourage their leaders to escalate. Sophisticated attacks could thrust the cyberwar towards a point where non-state hacktivists deploy ransomware and wiper malware against state institutions responsible for critical infrastructure.
“The online free-for-all by hacktivist groups runs the risk of triggering a real cyber escalation between major powers. Right now, this threat is just simmering in the background, but it could boil over at any point,” Hijazi said.
More from Cybernews:
Subscribe to our newsletter