Posted on May 2, 2023 at 8:44 AM

Hacktivist groups launch over 1,800 DDoS attacks to advance political and religious causes

A recent report by Radware has detected that hacktivist groups claimed to have launched over 1,800 distributed denial-of-service (DDoS) attacks to advance its causes in the political and religious sectors. The nature of these DDoS attacks shows that hackers are launching more campaigns based on their political or religious affiliations.

Radware reveals political and religious causes to be behind DDoS campaigns

Hacktivist groups have become increasingly popular over the year. These groups launch malicious campaigns depending on their political or religious groups. They usually target adversaries in retaliation for actions taken against their religious or political affiliations.

An in-depth look into the different claims made on social media platforms from February 18, 2023, to April 18, 2023, shows that the activities of hacktivist groups increased significantly at the onset of the war in Ukraine. However, there is still a significant rise in DDoS attacks, with most of these attacks being linked to religious groups.

According to the director of threat intelligence for Radware, Pascal Geenens, threat actor groups linked to Muslim causes have been increasingly active. Some groups launching DDoS campaigns to advance their religious causes include Anonymous Sudan, Mysterious Team, and Team Insane PK. The groups rank among the leading threat actors claiming to have launched DDoS campaigns.

The other threat actor group that has remained significantly active is NoName057 (16). This group includes pro-Russia hacktivists, who account for 30% of all threat actors claiming credit for successfully launching DDoS campaigns against their adversaries.

It is often challenging to confirm the claims made by threat actors that take responsibility for hacking attacks. However, Russian hacktivist groups have previously been linked to several DDoS campaigns, with the KillNet group being the most active.

However, the list presented by Radware in its report did not rank KillNet among the top 15 threat actor groups targeting adversaries with DDoS attacks. Moreover, it is often difficult to establish the motive behind a hacking campaign because religious and political causes are often indistinguishable in most cases.

Organizations need to be proactive

Given the rate at which DDoS campaigns are launched, organizations must be on the lookout and ensure they do not fall victim. In the long term, organizations should assume that the number of DDoS attacks will increase directly or as collateral damage from being linked to different issues.

Organizations operating in a certain country could also be victims of DDoS attacks because of political or other issues they might be involved in. Therefore, there is a need to remain proactive.

Some threat actor groups launching DDoS attacks are now marketing their services to the highest bidder, which makes these organizations operate similarly to mercenary groups.

There is a likelihood that DDoS attacks might become democratized in the future. According to Geenens, most ransomware attacks are enabled by people using the ransomware-as-a-service (RaaS) platform.

It is important to note that there are also various DDoS attacks. Organizations should be prepared to deal with a micro flood of attacks. However, some more sophisticated threat actor groups might launch hyper-volumetric DDoS attacks as devices connected over the internet become compromised or voluntarily made by people focused on a particular cause.

Despite the nature of DDoS attacks targeted at an individual or organization, the fact remains that these attacks have become increasingly popular. Hacktivist groups prefer launching DDoS campaigns because they are easier and less costly to launch.

The only thing needed to launch these attacks is a collaboration of those willing to make the resources available in the same manner that supporters of Ukraine have made infrastructure resources available to the IT Army of Ukraine.

Instead of the threat actors lending out these resources to deal with cybercrime, internet resources have now been diverted toward political or religious causes. Activists worldwide are copying the DDoS attack playbook created by Ukraine supporters, which could explain the rapid increase in DDoS attacks.

Cybersecurity professionals often find themselves caught up in the middle because of the varying motivations behind DDoS attacks. However, despite the intention behind the attack, launching DDoS campaigns remains a crime.

It is also difficult to detect, capture and prosecute the people behind DDoS attacks. In the foreseeable future, cybersecurity organizations might shift significant resources towards defending organizations from these attacks that are becoming more common globally.