
Cyber Operations Expand as Iran Conflict Extends into Digital Warfare

 




Cyberattacks are increasingly being used alongside conventional military actions in the ongoing conflict involving Iran, with both state-linked actors and loosely organised hacker groups targeting systems in the United States and Israel.

A recent incident involving Stryker illustrates the scale of this activity. On March 11, the company confirmed that a cyberattack had disrupted parts of its global network. Employees across several offices reportedly encountered login screens displaying the symbol of Handala, a group believed to have links to Iran. The attack reportedly affected systems managed through Stryker's Microsoft environment, although the full extent of the disruption and the timeline for recovery remain unclear.

Handala has claimed responsibility for the operation, stating that it abused Microsoft's cloud-based device management platform, Intune, to push wipe commands to enrolled devices. According to data from SOCRadar, the group alleged it remotely wiped more than 200,000 devices across 79 countries. These claims have not been independently verified; Microsoft has been asked for comment. The group described the attack as retaliation for a missile strike in Minab, Iran, which reportedly killed more than 160 people at a girls' school.

This breach is part of a broader surge in cyber activity following Operation Epic Fury, with multiple pro-Iranian actors directing attacks against American and Israeli systems.


State-linked groups target essential systems

A cybersecurity assessment indicates that several groups associated with Iran’s Islamic Revolutionary Guard Corps, including CyberAv3ngers, APT33, and APT55, are actively targeting critical infrastructure in the United States.

These operations focus on industrial control systems, the specialised computers that manage essential services such as electricity grids, water treatment plants, and manufacturing processes. In some instances, attackers gained access simply by logging in with default passwords that had never been changed, which let them install malicious software capable of interfering with or taking control of these systems.

CyberAv3ngers has reportedly accessed industrial machinery in this way, while APT33 has used commonly reused passwords to infiltrate accounts at US energy companies. After gaining entry, the group attempts to weaken safety mechanisms by inserting malware into operational systems. APT55, meanwhile, has focused on cyber-espionage, targeting individuals connected to the energy and defence sectors to gather intelligence for Iranian operations.

Other groups linked to Iran’s Ministry of Intelligence and Security, including MuddyWater and APT34, are also involved in these campaigns. MuddyWater has targeted telecommunications providers, oil and gas companies, and government organisations. It functions as an initial access broker, meaning it breaks into networks, collects login credentials, and then passes that access to other attackers.

Handala has also claimed additional operations beyond the Stryker incident. These include deleting more than 40 terabytes of data from servers at the Hebrew University of Jerusalem and breaching systems linked to Verifone in Israel. However, Verifone has stated that it found no evidence of any compromise or service disruption.

Cyber operations are also being carried out by the United States and Israel.

General Dan Caine stated on March 2 that US Cyber Command was one of the first operational units involved in Operation Epic Fury. He said these efforts disrupted Iran’s communication and sensor networks, leaving it with reduced ability to monitor, coordinate, or respond effectively. He did not provide further operational details.

On March 13, Pete Hegseth confirmed that the United States is using artificial intelligence alongside cyber tools as part of its military approach in the conflict.

Separate reporting suggests that Israeli intelligence agencies may have used data obtained from compromised traffic cameras across Tehran to support planning related to Iran’s leadership, including Ayatollah Ali Khamenei.


Hacktivist networks operate with fewer constraints

Alongside state-backed actors, hacktivist groups have played a significant role. More than 60 such groups reportedly mobilised in the early hours of Operation Epic Fury, forming a coalition known as the Cyber Islamic Resistance.

This network coordinates its activity through Telegram channels described as an “Electronic Operations Room.” Unlike state-directed groups, these actors operate based on ideological motivations rather than central command structures. Analysts note that such groups tend to be less disciplined, more unpredictable, and more likely to act without regard for civilian impact.

Within the first two weeks of the conflict, the coalition claimed responsibility for more than 600 distinct cyber incidents across over 100 Telegram channels. These include attacks targeting Israeli defence-related systems, drone detection platforms such as VigilAir, and infrastructure affecting electricity and water services at a hotel in Tel Aviv.

The same group also claimed to have compromised BadeSaba Calendar, a widely used religious mobile application with more than five million downloads. During the incident, users reportedly received messages such as “Help is on the way” and “It’s time for reckoning,” based on screenshots shared online.

Some analysts assess that these groups may be using artificial intelligence tools to compensate for limited technical expertise, allowing them to scale operations more effectively.


Global actors join the conflict

Cyber intelligence findings suggest that participation in these operations is expanding geographically. Ongoing internet restrictions within Iran appear to be limiting the involvement of domestic hacktivists by disrupting Telegram-based coordination.

As a result, increased activity has been observed from pro-Iranian groups based in Southeast Asia, Pakistan, and other parts of the Middle East.

The Islamic Cyber Resistance in Iraq, also known as the 313 Team, has claimed responsibility for attacks on websites belonging to Kuwaiti government ministries, including defence-related institutions, according to a separate threat intelligence briefing. The group has also reportedly targeted websites in Romania and Bahrain.

Another group, DieNet, has claimed cyber operations affecting airport systems in Bahrain, Saudi Arabia, and the United Arab Emirates.

Russian-linked actors have also entered the landscape. NoName057(16), previously involved in cyber campaigns related to Ukraine, has launched distributed denial-of-service (DDoS) attacks, which overwhelm websites with traffic until they become inaccessible. Targets include Israeli municipal services, political platforms, telecommunications providers, and defence-related entities, including Elbit Systems, as noted by a threat intelligence monitoring platform.

The group is also reported to be collaborating with Hider-Nex, a North Africa-based collective that has claimed attacks on Kuwaiti government domains.


Some pro-Israeli hacktivist groups are active, including Anonymous Syria Hackers. One such group recently claimed to have breached an Iranian technology firm and released sensitive data, including account credentials, emails, and passwords.

However, these groups remain less visible. Analysts suggest that Israel primarily conducts cyber operations through state-controlled channels, reducing the role and visibility of independent actors. In addition, these groups often do not appear in alerts issued by agencies such as the US Cybersecurity and Infrastructure Security Agency, making their activities harder to track.


These developments suggest how cyber operations are becoming embedded in modern warfare. Such attacks are used not only to disrupt infrastructure but also to gather intelligence, impose financial strain, and influence perception.

The growing use of artificial intelligence, combined with the involvement of decentralised and ideologically driven groups, is making attribution more complex and the threat environment more difficult to manage. As a result, cyber capabilities are now a central component of how conflicts are conducted, extending the battlefield into digital systems that underpin everyday life.

FunkSec Ransomware Group: AI-Powered Cyber Threat Targeting Global Organizations

 

A new ransomware group, FunkSec, has emerged as a growing concern within the cybersecurity community after launching a series of attacks in late 2024. Reports indicate that the group has carried out over 80 cyberattacks, signaling a strategic blend of hacktivism and cybercrime. According to recent findings, FunkSec’s activities suggest that its members are relatively new to the cyber threat landscape but have been using artificial intelligence (AI) to amplify their capabilities and expand their reach. 

FunkSec’s ransomware, developed using the Rust programming language, has caught the attention of security analysts due to its complexity and efficiency. Investigations suggest that AI tools may have been used to assist in coding and refining the malware, enabling the attackers to bypass security defenses more effectively. A suspected Algerian-based developer is believed to have inadvertently leaked portions of the ransomware’s code online, providing cybersecurity researchers with valuable insights into its functionality. 

Operating under a ransomware-as-a-service (RaaS) framework, FunkSec offers its malware to affiliates, who then carry out attacks in exchange for a percentage of the ransom collected. Their approach involves double extortion tactics—encrypting critical files while simultaneously threatening to publish stolen information unless the victim meets their financial demands. To facilitate their operations, FunkSec has launched an underground data leak website, where they advertise stolen data and offer additional cybercrime tools, such as distributed denial-of-service (DDoS) attack capabilities, credential theft utilities, and remote access software that allows for covert control of compromised systems. 

The origins of FunkSec date back to October 2024, when an online persona known as “Scorpion” introduced the group in underground forums. Additional figures, including “El_Farado” and “Bjorka,” have been linked to its expansion. Investigators have noted discrepancies in FunkSec’s communications, with some materials appearing professionally written in contrast to their typical informal style. This has led experts to believe that AI-generated content is being used to improve their messaging and phishing tactics, making them appear more credible to potential victims. 

FunkSec’s ransomware is designed to disable security features such as antivirus programs, logging mechanisms, and backup systems before encrypting files with a “.funksec” extension. The group’s ransom demands are relatively modest, often starting at around $10,000, making their attacks more accessible to a wide range of potential victims. Additionally, they have been known to sell stolen data at discounted rates to other threat actors, further extending their influence within the cybercriminal ecosystem. Beyond financial motives, FunkSec has attempted to align itself with hacktivist causes, targeting entities in countries like the United States and India in support of movements such as Free Palestine. 
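The pre-encryption sequence described above (backup and shadow-copy deletion, log clearing, security-tool tampering, then a burst of renames to the ".funksec" extension) is exactly the kind of behaviour a host-level detection can correlate. The following is an added example written for this page, not FunkSec code and not code from the original post: the sample telemetry, the event field names ("ts", "host", "type", "cmd", "path"), the command-line patterns and the thresholds are all constructed assumptions for the illustration.

```python
# Added example (not FunkSec code, not from the original post): a simple
# host-level detector for the pre-encryption behaviour described above.
# The events, field names ("ts", "host", "type", "cmd", "path") and the
# thresholds are constructed assumptions for this illustration.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Command lines commonly seen right before encryption: backup/shadow-copy
# deletion, event-log clearing, and security-tool tampering.
PRECURSOR_PATTERNS = {
    "backup_deletion": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wbadmin(\.exe)?\s+delete\s+catalog"
        r"|bcdedit(\.exe)?.*recoveryenabled\s+no", re.I),
    "log_clearing": re.compile(r"wevtutil(\.exe)?\s+cl\s+|Clear-EventLog", re.I),
    "security_tampering": re.compile(
        r"Set-MpPreference\s+-DisableRealtimeMonitoring\s+\$true"
        r"|net(\.exe)?\s+stop\s+\S*(defend|backup|sql)", re.I),
}
RANSOM_EXT = ".funksec"          # extension named in the post
WINDOW = timedelta(minutes=10)   # assumed correlation window
RENAME_THRESHOLD = 20            # assumed "mass rename" floor

def classify(event):
    """Map one event to a tactic name, or None if it is uninteresting."""
    if event["type"] == "process":
        for name, pattern in PRECURSOR_PATTERNS.items():
            if pattern.search(event["cmd"]):
                return name
    elif event["type"] == "file_rename" and event["path"].lower().endswith(RANSOM_EXT):
        return "ransom_extension"
    return None

def detect(events):
    """Return {host: alert} for hosts where at least two distinct precursor
    tactics are followed, within WINDOW, by RENAME_THRESHOLD+ renames to the
    ransom extension. A lone log clear (routine admin work) does not alert."""
    hits = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        tag = classify(ev)
        if tag:
            hits[ev["host"]].append((datetime.fromisoformat(ev["ts"]), tag))
    alerts = {}
    for host, seq in hits.items():
        for i, (t0, _) in enumerate(seq):
            window = [tag for t, tag in seq[i:] if t - t0 <= WINDOW]
            tactics = sorted({tag for tag in window if tag != "ransom_extension"})
            renames = window.count("ransom_extension")
            if len(tactics) >= 2 and renames >= RENAME_THRESHOLD:
                alerts[host] = {"start": t0.isoformat(), "tactics": tactics, "renames": renames}
                break
    return alerts

# Constructed sample telemetry: one infected host and one host doing
# routine administration (a single log clear, no mass rename).
SAMPLE_EVENTS = [
    {"ts": "2025-01-10T08:00:01", "host": "ws-42", "type": "process",
     "cmd": "vssadmin.exe delete shadows /all /quiet"},
    {"ts": "2025-01-10T08:00:03", "host": "ws-42", "type": "process",
     "cmd": "wevtutil.exe cl Security"},
    {"ts": "2025-01-10T08:00:05", "host": "ws-42", "type": "process",
     "cmd": "powershell Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"ts": "2025-01-10T09:15:00", "host": "ws-07", "type": "process",
     "cmd": "wevtutil.exe cl Application"},
    {"ts": "2025-01-10T09:15:30", "host": "ws-07", "type": "file_rename",
     "path": "C:\\temp\\notes.txt.bak"},
] + [
    {"ts": f"2025-01-10T08:01:{i:02d}", "host": "ws-42", "type": "file_rename",
     "path": f"C:\\Users\\a\\Documents\\report{i}.docx{RANSOM_EXT}"}
    for i in range(25)
]

if __name__ == "__main__":
    for host, alert in detect(SAMPLE_EVENTS).items():
        print(host, alert)
```

Requiring two distinct precursor tactics plus a rename burst is what keeps the false-positive rate workable: administrators clear logs and delete old shadow copies on their own, but they do not then rename two dozen documents to a ransom extension within minutes. In practice the extension check should be a list rather than a single string, since affiliates of a RaaS often change it.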

However, cybersecurity analysts have expressed skepticism over the authenticity of their claims, noting that some of the data they leak appears to have been recycled from previous breaches. While FunkSec may be a relatively new player in the cyber threat landscape, their innovative use of AI and evolving tactics make them a significant threat. Security experts emphasize the importance of proactive measures such as regular system updates, employee training on cybersecurity best practices, and the implementation of robust access controls to mitigate the risks posed by emerging ransomware threats like FunkSec.

Hacktivism: How Hacktivists are Using Digital Activism to Fight for Justice

What is Hacktivism?

Hacktivism, a blend of hacking and activism, has become a major threat in the digital landscape. Hacktivists are driven by political, religious, or social aims; they use a range of techniques to pursue those aims, and their primary targets are institutions or governments they regard as oppressive.

Hacktivists are known for using their technical expertise to push for change, and their causes are diverse: free speech advocacy, protests against human rights violations, anti-censorship campaigns, and opposition to religious discrimination.

Data Leaks, Web Defacements, and DDoS Attacks

A recent report by CYFIRMA reveals that hacktivists believe themselves to be digital activists and work for the cause of justice, attacking organizations that they think should be held responsible for their malpractices. “Operation ‘Hamsaupdate’ has been active since early December 2023, where the hacktivist group Handala has been using phishing campaigns to gain access to Israel-based organizations. After breaching the systems, they deploy wipers to destroy data and cause significant disruption.” 

While some groups focus on local, regional, or national issues, others run larger campaigns that span multiple nations and continents.

DDoS Attacks

A common hacktivist tactic is the DDoS attack, which floods a website with more traffic than its servers can handle until the site becomes unreachable. Hacktivists use a range of DDoS tooling, from botnets for hire to web-based IP stressers ("booters"), and can target different layers of the OSI (Open Systems Interconnection) model, from raw packet floods at the network and transport layers to request floods against expensive endpoints at the application layer.
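Application-layer floods of the kind described here (and the NoName057(16) DDoS campaigns mentioned in the Iran conflict post above) leave a clear trace in ordinary web server access logs, which is the cheapest place to spot them. The following is an added example written for this page, not code from the original post or from any tool it names: it parses log lines in the common Apache/nginx "combined" format, counts requests per source in a sliding window, and flags sources that exceed a threshold. The log lines, the window size and the threshold are constructed assumptions.

```python
# Added example, not from the original post: a rate-based detector for an
# application-layer (HTTP) flood, run over constructed access-log lines in
# the common Apache/nginx "combined" format. Window size and threshold are
# assumptions; tune them to the site's real baseline.
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], TS_FMT)
    return entry

def detect_floods(lines, window_s=10, threshold=50):
    """Return {ip: (peak_requests_in_window, most_requested_path)} for any
    source that sends >= threshold requests inside a window_s-second
    sliding window. Per-IP counting catches a single booter or a small
    botnet; a large botnet needs aggregation by path or network instead."""
    recent = defaultdict(deque)                       # ip -> timestamps in window
    per_path = defaultdict(lambda: defaultdict(int))  # ip -> path -> count
    flagged = {}
    entries = sorted(filter(None, map(parse_line, lines)), key=lambda e: e["ts"])
    for e in entries:
        ip, q = e["ip"], recent[e["ip"]]
        q.append(e["ts"])
        per_path[ip][e["path"].split("?", 1)[0]] += 1
        # Drop timestamps that have fallen out of the window.
        while (e["ts"] - q[0]).total_seconds() >= window_s:
            q.popleft()
        if len(q) >= threshold and len(q) > flagged.get(ip, (0, ""))[0]:
            top = max(per_path[ip].items(), key=lambda kv: kv[1])[0]
            flagged[ip] = (len(q), top)
    return flagged

def sample_log():
    """Constructed traffic: five normal clients plus one source hammering
    a search endpoint at ten requests per second for twenty seconds."""
    fmt = '%s - - [12/Mar/2025:10:00:%02d +0000] "GET %s HTTP/1.1" 200 %d'
    lines = []
    for sec in range(0, 60, 5):
        for c in range(1, 6):
            lines.append(fmt % ("10.0.0.%d" % c, sec, "/index.html", 512))
    for sec in range(20, 40):
        for _ in range(10):
            lines.append(fmt % ("203.0.113.9", sec, "/search?q=aaaaaaaaaaaa", 4096))
    return lines

if __name__ == "__main__":
    for ip, (peak, path) in detect_floods(sample_log()).items():
        print(f"flood from {ip}: {peak} requests in 10s, mostly {path}")
```

Two caveats a practitioner should keep in mind. First, access logs only show application-layer floods; volumetric floods at the network and transport layers never reach the web server and must be seen in flow data or by the upstream provider. Second, a per-IP threshold is easy to evade by spreading the load across a botnet, so the same sliding-window logic is usually also applied per path and per source network, and the real response is rate limiting or upstream scrubbing rather than a detection alone.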

Web Defacement Attacks

In web defacement, hacktivists alter a website's content to display an ideological or political message. The aim is to humiliate the site's owners and to push the message to a wider audience.

Defacement often requires no more than a common web application flaw: SQL injection can rewrite stored page content, and stored cross-site scripting can inject attacker-controlled content into pages served to visitors.
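To make the SQL injection route concrete, here is an added example written for this page, not code from the original post or from any real CMS: a page-editing handler whose ownership check lives only inside a string-built WHERE clause, a crafted slug that comments that check away so a low-privileged user overwrites the home page, and the parameterised version that closes the hole. The schema, accounts and inputs are constructed; the cross-site scripting variant is not shown.

```python
# Added example, not from the original post: how an SQL injection flaw in a
# page-editing handler lets a low-privileged user overwrite another user's
# page (a defacement), and the parameterised fix. The tiny CMS schema,
# accounts and inputs are constructed for this illustration.
import sqlite3

def setup_db():
    """In-memory CMS: each page has an owner who alone may edit it."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (slug TEXT PRIMARY KEY, owner TEXT, body TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?, ?)", [
        ("home", "admin", "Welcome to Example Corp"),
        ("guest-blog", "guest", "My guest post"),
    ])
    db.commit()
    return db

def update_page_vulnerable(db, user, slug, body):
    """Ownership check lives only in a string-built WHERE clause, so the
    slug can comment it away. Returns the number of rows changed."""
    sql = f"UPDATE pages SET body = '{body}' WHERE slug = '{slug}' AND owner = '{user}'"
    cur = db.execute(sql)
    db.commit()
    return cur.rowcount

def update_page_safe(db, user, slug, body):
    """Parameterised query: inputs are bound as values and never parsed
    as SQL, so the ownership check cannot be bypassed this way."""
    cur = db.execute(
        "UPDATE pages SET body = ? WHERE slug = ? AND owner = ?", (body, slug, user))
    db.commit()
    return cur.rowcount

def read_page(db, slug):
    row = db.execute("SELECT body FROM pages WHERE slug = ?", (slug,)).fetchone()
    return row[0] if row else None

# Attacker input: closes the slug literal, then "--" comments out
# " AND owner = 'guest'" so the UPDATE hits the admin's home page.
DEFACE_SLUG = "home' --"
DEFACEMENT = "HACKED BY EXAMPLE"

def demo():
    """Run the same defacement attempt against both handlers."""
    vuln_db, safe_db = setup_db(), setup_db()
    changed_vuln = update_page_vulnerable(vuln_db, "guest", DEFACE_SLUG, DEFACEMENT)
    changed_safe = update_page_safe(safe_db, "guest", DEFACE_SLUG, DEFACEMENT)
    return {
        "vulnerable": (changed_vuln, read_page(vuln_db, "home")),
        "safe": (changed_safe, read_page(safe_db, "home")),
    }

if __name__ == "__main__":
    print(demo())
```

The vulnerable handler executes "UPDATE pages SET body = '...' WHERE slug = 'home' --' AND owner = 'guest'", and everything after the "--" is a comment, so the owner check vanishes and the admin's page is overwritten. The safe handler binds the slug as a value, finds no page literally named "home' --", and changes nothing. Parameterised queries are the fix; input filtering alone is not, because the attacker controls which characters arrive.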

Data Leaks

Hacktivists also carry out data leaks, stealing sensitive data and publishing it. This includes personal information, confidential corporate data, and government documents. The aim is to expose corruption or wrongdoing and to hold the accused accountable in the eyes of the public.

Geopolitical Motives

Hacktivist campaigns are sometimes driven by geopolitical tensions and by ethnic or religious conflicts. Hacktivists often organise under hashtag-branded "#Op" campaigns, the CYFIRMA report notes.

For instance, “#OpIndia is a popular hashtag, used by hacktivist groups from countries such as Pakistan, Bangladesh, Indonesia, Turkey, Morocco, and other Muslim-majority countries (as well as Sweden) that engage in DDoS attacks or deface Indian websites, and target government, individuals, or educational institutions.”

ICRC issues new rules for hacktivists in war zones: What you need to know


How to be a responsible hacktivist in times of war

Hacktivism, the use of hacking skills for political or social causes, has become a common phenomenon in the digital age. Hacktivists can launch cyberattacks against governments, corporations, or other entities that they perceive as oppressive, corrupt, or unjust. However, hacktivism can also have unintended consequences, especially when it involves civilian hackers participating in armed conflicts.

The risks of patriotic hacking

Patriotic hacking is a form of hacktivism that aims to support one's country or group in a conflict. Patriotic hackers can target the enemy's websites, networks, or infrastructure, or they can leak sensitive information, spread propaganda, or disrupt communications. Patriotic hacking can be seen as a form of cyber warfare, but it is often done without the authorization or coordination of the official military or government.

This can pose serious risks for both the hackers and the victims. Hackers can expose themselves to legal prosecution, retaliation, or espionage from the enemy. They can also cause collateral damage to innocent bystanders, such as civilians, journalists, humanitarian workers, or neutral parties. Moreover, they can escalate the conflict or undermine the peace efforts by provoking the enemy or violating international law.

The rules of engagement for hacktivists

To address these risks and to protect civilians in cyberspace, the International Committee of the Red Cross (ICRC) has published a new set of rules of engagement for hacktivists involved in conflicts. The rules are based on the existing principles of humanitarian law, such as distinction, proportionality, necessity, and precaution. The rules aim to provide guidance and advice for hacktivists on how to conduct their activities in a responsible and ethical manner.

Some of the main rules are:

- Hacktivists should not target civilians or civilian objects, such as hospitals, schools, or media outlets.

- Hacktivists should not cause excessive harm or suffering to the enemy or to the environment.

- Hacktivists should respect the sovereignty and neutrality of other states and avoid interfering with their affairs.

- Hacktivists should not use malicious software or techniques that can spread uncontrollably or unpredictably.

- Hacktivists should not conceal their identity or impersonate others.

- Hacktivists should not cooperate with armed groups or state actors that violate humanitarian law.

The reactions of hacking groups

The ICRC's initiative has received mixed reactions from different hacking groups. Some groups have welcomed the rules and expressed their willingness to comply with them. They have recognized the importance of respecting human rights and international law in cyberspace. They have also appreciated the ICRC's recognition of hacktivism as a legitimate form of expression and activism.

However, some groups have rejected the rules and questioned their legitimacy and applicability. They have argued that the rules are unrealistic, impractical, or biased. They have also claimed that the rules are an attempt to restrict their freedom and autonomy. They have asserted that they will continue to hack according to their own principles and objectives.



Hacktivists Embrace Cybercrime Tactics for Funding

Hacktivism, the fusion of hacking and activism, has become an increasingly prevalent form of online protest and advocacy. While hacktivists are driven by social or political motivations, it is crucial to understand that some of these individuals or groups fund their operations through methods commonly associated with cybercrime. Recent research has shed light on this intriguing intersection between hacktivism and cybercrime, revealing how these hacktivists leverage tactics typically associated with malicious cyber actors to finance their endeavors.

According to a report by Kela, a cybersecurity intelligence firm, hacktivists have been exploring avenues beyond traditional donations to secure the resources they need. The report highlights instances where hacktivist groups engage in activities such as ransomware attacks, cryptocurrency theft, and credit card fraud. These illicit activities provide them with a substantial financial influx, enabling them to sustain and amplify their campaigns.

One alarming example involves the deployment of ransomware by certain hacktivist factions. By encrypting valuable data and demanding ransom payments, these groups not only fund their endeavors but also attract attention to their causes through the media coverage generated by such attacks. This fusion of monetary gain and ideological motivation blurs the lines between hacktivism and cybercrime, leaving security experts and law enforcement agencies grappling with multifaceted challenges.

Cybersecurity news sources note that hacktivists have started using strategies frequently used by cybercriminals, taking advantage of the same flaws in software and systems. This confluence of techniques not only makes identification more difficult, but also emphasizes the need for an all-encompassing response to these changing threats.

The line between hacktivists and hackers has become increasingly complex in light of these developments. The intentions behind these efforts are essential in separating hacktivist behavior from that of malicious hackers. While hacktivists aim to advance social or political causes, their strategies are becoming more and more like those of cyber criminals.

It is crucial that cybersecurity experts, policymakers, and society at large handle these new concerns as the digital landscape continues to change. A nuanced viewpoint is crucial, as Dr. Jane Mitchell, a cybersecurity expert, emphasizes: "Formulating effective strategies that balance security concerns with the legitimate grievances that hacktivist groups frequently spotlight is essential."

The fusion of hacktivism and criminal techniques marks a substantial change in digital activism: hacktivist groups that were once concentrated largely on ideological campaigns now use standard cybercrime techniques to fund their operations.

'Cyber Battlefield' Map Shows Attacks Being Played in Real Time


A live map now tracks cyberattacks around the globe as the conflict in Ukraine fuels a 'significant surge' in hostile activity.

The map draws on intelligence from ThreatCloud AI, Check Point's AI-driven threat intelligence system.

The map shows the countries and companies that are most targeted by incidents such as malware attacks, phishing, and exploitation.

How are Cyber Activities Impacted by the War

According to Check Point, a US-Israeli cyber security firm, cyber activity has increased at an alarming rate over the past 17 months, driven by the war in Ukraine.

Over the previous six months, the UK was attacked an average of 854 times every week. As of May 2023, ransomware affected one in every 77 organisations in the country.

According to Muhammad Yahya Patel, lead security engineer and evangelist for Check Point, “The threat landscape has continued to evolve in sync with the digital world as we are more connected to the internet than ever before. This has led to multi-vector cyberattacks and well thought out campaigns by criminals who want to cause maximum damage to organizations[…]Sometimes they use advanced tools and methods, while other times it’s a simple method like getting someone to click a link in an email."

Moreover, the UK has been caught up in an online conflict, as groups of hackers with verified or rumoured links to the Kremlin have targeted prominent British organisations.

“Hacktivism has played a much bigger role globally with several state-sponsored groups and cyber criminals actively fighting a war in cyberspace[…]We had the Ukrainian government taking an unprecedented step by using a Telegram channel to call for international volunteers to help fight the cyber war by joining the “IT Army of Ukraine,” Patel said.

Regarding the Russia-based group Killnet, Patel says, “This is a properly established group with organizational structure and hierarchy. As an organised operation this group have been carrying out disruptive attacks to gain more attention and have recently targeted NATO.”

ThreatCloud AI

The ThreatCloud AI system continuously scans the environment and develops defences against the many kinds of attack it observes. Its makers describe it as a "comprehensive prevention-first architecture" suitable for a range of devices, networks, and systems.

This live ‘battleground’ was presented at the Midland Fraud Forum’s annual conference in Birmingham last week, in a session informing the audience about current threats and how to prevent them.

The multinational company based in Tel Aviv found that the ransomware operators have become more ruthless with their tactics to profit from victims.

One of the recent cases was when the University of Manchester suffered a cyber attack last month, where allegedly the students’ confidential data was compromised. In response, the university claimed that a ‘small proportion of data’ was copied and that ‘it had written directly to those individuals who may have been affected.’

On current evidence, universities in the UK seem to have found themselves on the front line of the evolving threat landscape to a greater degree than in any other country.

On this point, Patel comments, “The attacks against the education and research sector are highly concerning because this is higher than what we are seeing globally in this industry[…]It raises questions about what the UK is doing specifically for this sector to help it have a better cyber security baseline as I like to call it.”