All news with #hacktivist tag

🔍 Check Point found a 124% rise in hacktivism and ransomware across Germany, Austria, and Switzerland in 2025, with Germany accounting for roughly 82% of incidents. Defacement and DDoS drove the volume—66% of events—while ransomware comprised nearly 30%, led by Akira, Qilin, and Safepay. The report highlights identity weaknesses, exposed remote services, and insufficient patching as primary enablers, and recommends MFA, patch discipline, credential monitoring, and reduced public attack surface.

🔒 A pro‑Ukrainian hacktivist group known as PhantomCore exploited a chain of vulnerabilities in TrueConf Server, using three flaws to achieve remote command execution and bypass authentication beginning in September 2025. Positive Technologies reported that although TrueConf released patches on August 27, 2025, the actors reproduced and weaponized the chain in the wild. Compromised servers were used as springboards for lateral movement, deploying PHP web shells, reverse shells and tunneled proxies, and for harvesting credentials with both bespoke and commodity tools.

⚠️ The FBI confirmed that Iran-linked hackers accessed the personal email account of FBI Director Kash Patel and published private photos and what appears to be his CV. The pro-Iranian hacktivist group Handala posted a selection of personal and work correspondence, with reporters verifying some items from Patel's Gmail account. The FBI said no classified or government systems were compromised and has taken steps to mitigate risks; strong, unique passwords and multi-factor authentication are advised.

🚨 Cybersecurity firms reported 149 hacktivist DDoS claims from Feb 28–Mar 2 that targeted 110 organizations across 16 countries, with 107 attacks concentrated in the Middle East. Two groups, Keymous+ and DieNet, drove nearly 70% of activity while NoName057(16) and others composed most remaining operations. Government, finance, and telecom sectors were disproportionately targeted, and vendors including Radware, Orange Cyberdefense, and Unit 42 provided attribution and telemetry. Analysts warn allied nations and critical infrastructure to increase monitoring and harden defenses.

🔒 Spanish authorities arrested four alleged members of the hacktivist group Anonymous Fénix for a series of distributed denial-of-service (DDoS) attacks that targeted government ministries, political parties, and public institutions. The Spanish Civil Guard said the group first struck in April 2023 and intensified activity after severe floods in Valencia in late October 2024, using X and Telegram for recruitment and propaganda. Courts ordered seizure of the group's X and YouTube accounts and closure of its Telegram channel following the arrests.

🚨 The U.K.'s National Cyber Security Centre (NCSC) warns of sustained disruptive DDoS activity from pro‑Russian hacktivists, notably NoName057(16), which operates the crowdsourced DDoSia platform that mobilises volunteers and offers rewards. Despite arrests and server takedowns during Operation Eastwood, the group has re-emerged and continues to target critical infrastructure, local government and OT systems. The NCSC advises strengthening upstream ISP/CDN protections, designing for rapid scaling, rehearsing response plans for graceful degradation, and continuous testing to reduce downtime and recovery costs.

⚠️ The UK National Cyber Security Centre (NCSC) has issued an alert about ongoing disruptive cyber activity by Russian-aligned hacktivist groups targeting UK organisations, with local government and critical national infrastructure singled out. The campaigns mainly use denial-of-service (DoS/DDoS) attacks to overwhelm websites and online systems, taking services offline. The advisory highlights groups such as NoName05716, their coordination via Telegram and the hosting of tooling on GitHub, and urges organisations to review DoS protections, strengthen resilience and engage with NCSC threat collection.

🚨 A joint advisory from CISA, the FBI, the NSA and partners warns of a surge in pro‑Russia hacktivist activity exploiting exposed VNC and other internet-facing OT interfaces to breach systems across US water, food production and energy sectors. Low-skilled groups such as CARR, NoName057(16), Z-Pentest and Sector16 employ port scans, brute-force password guessing and simple reconnaissance tools to capture screenshots, alter parameters, disable alarms and force costly manual recoveries.

🔒 U.S. prosecutors arraigned 33-year-old Victoria Dubranova, accusing her of supporting Russian state-linked hacktivist groups in cyberattacks against critical infrastructure, including water systems and election-related targets. Dubranova, known by aliases such as Vika and SovaSonya, was extradited this year and has pleaded not guilty to charges tied to NoName057(16) and CyberArmyofRussia_Reborn (CARR). She faces separate trials in February and April 2026 and potential sentences of up to 27 years and 5 years under the respective indictments.

🔒CISA, alongside the FBI, NSA, DOE, EPA, the Department of Defense Cyber Crime Center, and international partners, published a joint advisory describing opportunistic pro-Russia hacktivist activity targeting operational technology (OT) systems. These groups exploit minimally secured, internet-facing VNC connections to access OT control devices and have caused varying impacts, including physical damage. Named actors include Cyber Army of Russia Reborn, Z-Pentest, NoName057(16), and Sector16. The advisory recommends reducing internet exposure of OT assets, adopting mature asset-management and mapping practices, and enforcing robust authentication.

🛡️ ENISA's study of 586 public administration incidents found DDoS attacks made up roughly 60% of events, with 63% attributed to hacktivist groups. Central government incidents accounted for 69% of the total, while data breaches (17%) and ransomware (10%) caused disproportionate disruption. ENISA warns the sector's low maturity and recent inclusion in NIS2 increase risk and recommends CDNs/WAFs for DDoS mitigation, MFA/PAM/DLP for data protection, and EDR, segmentation and backups to combat ransomware.

⚠️ The Canadian Centre for Cyber Security warns hacktivists are increasingly exploiting internet-accessible industrial control systems (ICS), citing recent intrusions that affected a water utility, an oil and gas automated tank gauge (ATG), and a farm's grain-drying silo. Attackers manipulated pressure, fuel-gauge, and environmental controls, creating safety and service disruptions. The alert urges secure remote access via VPNs with MFA and inventories of OT assets. Provincial and municipal coordination is recommended to protect sectors lacking cybersecurity oversight.

🛡️ Hezi Rash is a Kurdish nationalist hacktivist collective formed in 2023 that has escalated to coordinated DDoS campaigns targeting entities perceived as hostile to Kurdish or Muslim communities. Their public rhetoric mixes nationalism, religion, and activism, and they have claimed attacks in response to symbolic provocations such as an anime scene depicting a burning Kurdish flag. Targets reported include anime platforms, media outlets, NGOs, and government services, causing intermittent service disruptions and demonstrating growing technical sophistication.

⚠️ The Canadian Centre for Cyber Security warns that hacktivists recently breached multiple internet-exposed industrial control systems across Canada. Attackers modified settings at a water treatment facility, an oil and gas site (manipulating an Automated Tank Gauge), and a farm grain dryer, causing disruptions, false alarms, and potentially unsafe conditions. Authorities describe the intrusions as opportunistic attempts to attract media attention and erode public trust rather than highly sophisticated campaigns. The bulletin urges organizations to inventory exposed ICS assets, remove direct internet access, use VPNs with two‑factor authentication, keep firmware updated, and report suspicious activity.

🔎 Two 17-year-olds in the Netherlands were arrested after allegedly being recruited via Telegram by pro‑Russian hackers to map Wi‑Fi networks near government targets. Reports say the youths walked areas of The Hague close to Europol, Eurojust and several embassies while using a Wi‑Fi sniffer; the Canadian embassy was reportedly targeted. The domestic intelligence service tipped off police, who carried out raids and seized evidence. One teenager remains in custody while the other has been electronically tagged and placed under house arrest as the probe continues.