Since the Russia-Ukraine crisis began, we have observed a significant increase in hacktivist activity. The Ukraine-Russia conflict has been seen as an increasingly permissive (and unique) environment that mobilized hacktivist groups that chose sides (around 70 hacktivist groups became involved).

The world has observed a significant number of hacktivist groups targeting organizations (even within the critical infrastructure sectors) primarily through DDoS attacks, defacements, and data leaks. Moreover, a pretty interesting point was the coordination of the cyber operations of the hacktivist groups, primarily via Telegram groups that one could easily join, participate in, and even download the tools provided to conduct cyber-attacks (e.g. DDoS).

 Some of the major Hacktivist groups were: Anonymous, TeamOneFirst, IT Army of Ukraine (some researchers regard this group as a hybrid one since its structure contains state actors and hacktivist components), GhostSec, Against the West and others.

On the other hand, some other hacktivist groups have targeted Ukrainian and western organizations. Some of those hacktivist groups were: the Cyber Army of Russia, KILLNET, XakNet, and The Red Bandits. 

Some of the above groups demonstrated a high level of sophistication in cyber operations. According to the assessment of the European Union Agency for Cybersecurity, the operational tempo and the cyber activity from hacktivist groups will very likely remain high as the conflict between Russia and Ukraine continues. An interesting question to be answered is whether this increased hacktivism activity will continue after the Ukraine-Russia conflict winds down or if hacktivism activity will revert to its previous low levels. An additional yet equally interesting question involves the possible infiltration of hacktivist groups by state actors, similarly as is the case with ransomware groups.

From a strategic perspective, the Russia-Ukraine crisis has defined a new era for hacktivism, its role, and its impact on conflicts. In future conflicts, states will very likely adapt their cyber warfare operations and take advantage of this new ‘hacktivism blueprint’. However, this ‘blueprint’ has implications for international norms in cyberspace and, more specifically, for state sponsorship of cyberattacks and against targeting critical civilian infrastructure.


If this information is helpful to you read our blog for more interesting and useful content, tips, and guidelines on similar topics. Contact the team of COMPUTER 2000 Bulgaria now if you have a specific question. Our specialists will be assisting you with your query. 

Content curated by the team of COMPUTER 2000 based on official publications by the European Union Agency for Cybersecurity, including the Threat Landscape report for 2022. The full text of the report can be found here.

Follow us to learn more


Let’s walk through the journey of digital transformation together.

By clicking on the SEND button you agree to the processing of personal data. In accordance with our Privacy Policy

1 + 2 =