Hacktavists

Hacktivists can be seen through the lens of ideological motivation. Their reasons for attacking organizations come in support of a cause, and usually financial incentives don’t dictate their actions.

Hacktivists typically would use stolen data to advance a political or ideological cause. (These motivations sometimes overlap with that of APT’s, but hacktivists lack the resources/sophistication of nation-state actors). An example of a hacktivism would include many of the attacks attributed to the organization ‘Anonymous’ , like their recent declarations of support for Ukraine in its ongoing conflict with Russia.

Hacktavists may use the stolen data to blackmail officials to elicit their silence or their power; take control of propaganda media channels and alter the message, and/or disable supply chains prevent the delivery of expected weapons or supplies. Besides stealing data to release, two other common attacks in a hacktavists’ playbook are  the defacement of websites and Distributed Denial of Service (DDOS) attacks.  

Some interesting Hacktavist attacks:

• Operation Tunisia by Anonymous (2008)
• Sony data breach by Lulzsec (2012)
• OpChile Operation (2019)
• Streaming service Twitch had its source code released (2021)

SolarWinds exploit:

This is classic espionage. It’s done in a highly sophisticated way … But this is a stealthy operation.   -Thomas Rid, The Washington Post

 Criminal Elements

Criminal elements are threat actors motivated typically by financial gain. An organization’s data can be stolen by insiders or those outside of the organization. While financial institutions are obvious targets, any organization could be a potential victim to these groups. 

The rise of ransomware is a prime example of this. Criminal groups will often hold organizations’ data hostage and demand ransom payments in exchange for returning access to the stolen records. These ransomware schemes can also take the form of “double-extortion” where these groups threaten to release sensitive/damaging enterprise data to the public if the ransom is not paid (in addition to prevented said organization the ability to access the stolen data). Some organizations will reluctantly pay the attackers to prevent government fines if their released data violates HIPAA, FERPA, GLBA, or other regulations.

Popular examples of ransomware groups and attacks of these include:

• Conti, a ransomware group
• FIN7, a criminal organization
• Kaseya, a ransomware attack

References

• https://www.france24.com/en/europe/20220323-ukraine-conflict-presents-a-minefield-for-anonymous-and-hacktivists
• https://www.trendmicro.com/vinfo/es/security/news/cyber-attacks/hacktivism-101-a-brief-history-of-notable-incidents
• https://www.infosecurity-magazine.com/opinions/twitch-hack-potential-security/
• https://securityboulevard.com/2020/06/analysis-of-the-top10-hacktivist-operations/ 
• https://www.cisecurity.org/solarwinds
• “Russian hack was ‘classic espionage’ with stealthy, targeted tactics”. The Washington Post. December 14, 2020. Archived from the original on December 14, 2020. Retrieved June 21.2022.
• https://www.zdnet.com/article/updated-kaseya-ransomware-attack-faq-what-we-know-now/