Top 10 Hacking Groups

Posted by: adham saad

1) Anonymous

Who doesn't know the infamous hacker collective Anonymous? The decentralized group originated in 2003 on the imageboard 4chan. It is a leaderless organisation that projects itself as the cyber guardian of human rights and vows to fight injustice with the weapon of "hacking". Known for presenting itself as a vigilante group, its members are recognised by the Guy Fawkes mask, apparently inspired by the film "V for Vendetta". Initially the group is believed to have had a loosely self-agreed goal of entertainment; beginning with Project Chanology, a series of protests Anonymous held against the Church of Scientology in 2008, it started focusing on international issues involving Islamic State, WikiLeaks, child pornography, copyright enforcement, the Occupy movement and others. Its well-known "operations" include #OpSaudi, #OpParis, #OpISIS, hacking the Pentagon, and attacks against Visa, PayPal and Mastercard for refusing to process payments to WikiLeaks. In 2012 Time magazine named "Anonymous" in its list of the "100 most influential people" in the world.

A. Operation Sony

Date: April 2, 2011 
Victim: 
Sony Computer Entertainment 

Remember when a different Sony website was getting hacked every week? Or when the PlayStation Network was shut down for what seemed like the second half of the NBA season? It all started with an attack by Anonymous on April 2. After Sony took George Hotz to court for creating and distributing software that allowed PlayStation owners to run homemade software on their consoles, Anonymous launched #OpSony and took down the PlayStation Network. The rest, as we saw, was history.

B. Bank of America E-Mail Drop

Date: March 14, 2011 
Victim: 
Bank of America  

In an effort to expose Bank of America's allegedly corrupt and unfair mortgage practices, Anonymous leaked a trove of internal e-mails, reportedly sourced from a seven-year employee of the bank, on bankofamericasucks.com. While it seemed like a big deal, the drop failed to make much of a splash: BoA was already in the news for shady loan practices, and the e-mails did not show any obvious wrongdoing.

C. Operation Payback

Date: December 2010
Victim: Visa, MasterCard, Amazon, PayPal, PostFinance

When the U.S. government demanded that WikiLeaks stop releasing classified diplomatic cables to the public, a number of companies that had supported WikiLeaks in the past turned against the website, freezing its accounts and shutting down its servers. Anonymous stepped in on behalf of Julian Assange's cause and declared war on Visa, MasterCard and PayPal for refusing to do business with WikiLeaks. On December 8, 2010, both Visa's and MasterCard's sites were taken down by the group.

D. Anonymous Takes Down HBGary Federal

Date: February 6-11, 2011
Victim: HBGary Federal, Aaron Barr

After claiming to have infiltrated Anonymous, HBGary Federal and its CEO Aaron Barr got hit with one of the group's strongest attacks to date. Anonymous first took over the security company's homepage and replaced it with a letter which read in part: "You brought this upon yourself. You've tried to bite at the Anonymous hand, and now the Anonymous hand is bitch-slapping you in the face." The group went on to shut down the company's phone system and break into its e-mail system, publishing over 68,000 private e-mails that included presentations, information on competing firms, and HBGary Federal's plans for taking down WikiLeaks. It did not stop there: the group took over Aaron Barr's Twitter account and posted his home address and phone number.

E. Operation Tunisia

Date: January 2011 
Victim: Tunisian government

The Tunisian Revolution, which led to the ousting of President Zine El Abidine Ben Ali, was fought over a number of things (government corruption, unemployment, poor living conditions), but a major sticking point was the lack of freedom of speech. A major instigator of the protests was a WikiLeaks cable that described, in detail, the corruption in the Tunisian government. Anonymous recruited a number of Tunisian hackers to help take down eight government websites with DDoS attacks.

F. Anonymous Tags SOHH

Date: June 2008
Victim: SOHH.com

There's nothing harsher than a hip hop message board. Anonymous learned this the hard way when members discovered that some users of SOHH's "Just Bugging Out" forum were taking shots at the group. Anonymous's response came in three waves: first they flooded the site's message boards, forcing it to shut down; then they hit it with a series of DDoS attacks that crippled the site; then they went in for the kill and defaced SOHH's homepage with racist slurs and images.

G. Operation Titstorm

Date: February 10, 2010
Victim: Australian government

Anonymous is for the people. All the people. Even the ones who like watching porn featuring small-breasted women. In response to the Australian government proposing legislation that would block porn featuring female ejaculation and women judged to look underage because of their small breasts, Anonymous threatened to, and then did, shut down the Australian Parliament House website, and almost took down the Department of Communications website.

H. Operation Didgeridie

Date: September 9, 2009
Victim: Australian government

In 2007, Stephen Michael Conroy, Australia's Minister for Broadband, Communications and the Digital Economy, went on a crusade to censor the Internet by blocking malicious content. The plan started with child pornography but wound up encompassing any website that displayed sex, drugs or violence. In protest, Anonymous used a denial-of-service attack to take the Prime Minister's website offline for about an hour.

I. Fine Gael Website Attack

Date: February 25, 2011
Victim: Fine Gael, Irish political party

Looking at the list of victims hit by the group, Fine Gael seems like a pretty small fish, but the hack was pretty epic nonetheless. During the 2011 Irish general election, Anonymous took over the party's new website and posted an image with the following text: "Nothing is safe, you put your faith in this political party and they take no measures to protect you. They offer you free speech yet they censor your voice. WAKE UP!"

J. Operation OpRussia: Aerogas, Forest and Petrovsky Fort

Anonymous took #OpRussia a step further by targeting Aerogas, Forest and Petrovsky Fort, each a giant in its own industry.

The online hacktivist collective Anonymous hit three more targets in its ongoing operation #OpRussia against the Russian invasion of Ukraine. One of the Anonymous accounts on Twitter (@YourAnonTV) tweeted about the hack and stated that "Anonymous leaked over 400,000 new emails from Russia including well over 100,000 emails from the oil, gas, and logging industries."

Companies Affected by the Leak

Hackers leaked around 437,500 emails belonging to Aerogas, Forest and Petrovsky Fort. The leak comprises 244 GB of data, including 300,000 emails from Petrovsky Fort, which owns the largest office complexes in Saint Petersburg, Russia's second-largest city.

The second firm affected is Aerogas. Hackers leaked 145 GB of data, including 100,000 emails, from the engineering firm, which serves Russia's oil and gas sector. Aerogas clients include Rosneft, Russia's largest oil producer, and Novatek, the country's leading natural gas producer. It is worth noting that both Aerogas and Petrovsky Fort are state-owned entities. The third company affected is Forest, a Russia-based logging firm. Hackers leaked around 37.7 GB of data, including 37,500 emails, from this company.

2. Tailored Access Operations, NSA

If it were not for Edward Snowden, we probably would not know about Tailored Access Operations (TAO). TAO has some of the best capabilities in the world and is the NSA's main computer network exploitation unit. Once it was revealed, more and more details continued to come out. We now know it has about 600 employees in the main NSA complex at Fort Meade, Maryland, with branches in Hawaii, Georgia, Texas and Denver. It has sophisticated, unique abilities that are difficult even to dream up. One is QUANTUMSQUIRREL, which lets it appear on the internet anywhere, as anyone. It has also compromised very common computer systems, often with physical access or with the cooperation of network or hardware companies, and is known to pressure companies into inserting vulnerabilities into their own products for TAO to exploit. Just about every detail of the organisation is Orwellian. Take, for example, WARRIOR PRIDE, its iPhone and Android implant, which can turn a phone on remotely, switch on the microphone and listen, track the device by geolocation, and has its own tamper-proofing and stealth features. That is just one we know about; there are probably many more in use without the public knowing a thing.

3. Elderwood Group and 20 other Chinese APTs

Elderwood Group, Axiom, Unit 61398, Comment Crew, Putter Panda and Hidden Lynx are just some of the bigger hacking groups originating from China. China pioneered the state-sponsored hacking group and has continued to perfect the practice. It is often difficult to tell whether the Chinese government is pulling the strings, funding a group, or even affiliated with it. I am trying not to be ominous, but the list of hacks and zero-day exploits attributed to these groups is rather long.

One of the more famous attacks came in 2010 under the name "Operation Aurora". We know about Operation Aurora partly because Google came forward and announced it had been hacked. Common targets included defence contractors, human rights campaigns and supply-chain firms. Elderwood Group is a blanket term for all the groups involved. Sub-groups include Hidden Lynx (targeting the defence industry and Japanese users), Linfo (manufacturing firms), Sakurel (aerospace companies) and Vidgrab (Uyghur dissidents). Such a coordinated, advanced, well-funded campaign had to be orchestrated by the Chinese government. It is unclear what precautions will be taken to protect against increasingly sophisticated and persistent attacks in the future.

4. APT28 (Fancy Bear)

APT28 (also known as Fancy Bear) is, unsurprisingly, an Advanced Persistent Threat group. They are Russian and might share funding sources with Dragonfly (I do not know, so I did not group them together). All of their targets are ones the Russian government is interested in, they speak Russian, and they have been traced back to a government sponsor in Moscow, so it seems likely. APT28 uses well-known hacking methods, and uses them successfully and often. They have hacked NATO, Polish government websites, Georgian ministries and the OSCE, among many others. They are unique in that they have been caught framing the Cyber Caliphate (ISIS) for their attacks. Like other organisations on this list, they operate in a country with no extradition treaty with the U.S., so they are immune to legal repercussions. They have also hacked many sporting organisations, such as the World Anti-Doping Agency, the International Association of Athletics Federations and the Swedish Sports Confederation. The World Anti-Doping Agency (WADA) leak was notable as retaliation for Russia's doping scandal and subsequent ban from Olympic competition.

Microsoft seized seven domains belonging to Strontium, also known as Fancy Bear or APT28, a Russian hacking group with ties to the country's military intelligence agency, the company announced in a blog post. According to Microsoft, Russian spies used these sites to target Ukrainian media outlets, as well as foreign policy think tanks and government institutions in the US and the European Union. Microsoft obtained a court order to take control of each domain on April 6th and redirected them to a sinkhole, a server used by security teams to capture and analyse malicious connections; every infected machine that keeps beaconing to a seized domain now reveals itself to the defenders instead of to the operators. The company says it had seized over 100 domains controlled by Fancy Bear before this most recent takedown. This hacking group has a long history of attempting to interfere with both Ukraine and the US: Fancy Bear was linked to the 2016 breach of the Democratic National Committee and targeted the US election in 2020. Russia's invasion of Ukraine has only exacerbated cyberattacks by Fancy Bear and other bad actors. Last month, Google said Fancy Bear and the Belarusian hacking group Ghostwriter carried out a phishing attack targeting Ukrainian officials and members of the Polish military. Russian state-sponsored hackers have also been accused of hacking into a European satellite service at the start of the invasion, as well as targeting US defence contractors in February. It is unclear whether Fancy Bear was behind either attack.
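To make the sinkhole idea concrete, here is an added example of a minimal HTTP sinkhole in Python. It is not the page's or Microsoft's code, and the seized domain names, sample IPs and sample requests in it are constructed placeholders. Once DNS for a seized domain points at such a server, every implant that still calls home identifies a victim; the code parses each beacon, replies with an empty 200, and summarises victims, URIs and user agents per seized domain, flagging any Host values that fall outside the seized set.

```python
"""Minimal HTTP sinkhole for seized C2 domains (added example, not the page's
or Microsoft's code). Records who still beacons to each seized domain and
answers with an empty 200 so the beacon completes and gets logged."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Hypothetical placeholders for domains taken over by court order.
SEIZED_DOMAINS: Set[str] = {"seized-c2-1.example", "seized-c2-2.example"}


@dataclass(frozen=True)
class Beacon:
    src_ip: str
    host: str        # domain the implant asked for (Host header, port stripped)
    path: str        # URI, often carries a campaign or victim id
    user_agent: str  # implants frequently hard-code a distinctive UA


def parse_beacon(src_ip: str, raw: bytes) -> Optional[Beacon]:
    """Parse one raw HTTP/1.x request (e.g. from a pcap) into a Beacon.
    Returns None for anything that is not a well-formed request line."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1", errors="replace")
    lines = head.split("\r\n")
    request_line = lines[0].split(" ")
    if len(request_line) != 3 or not request_line[2].startswith("HTTP/"):
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    host = headers.get("host", "").split(":", 1)[0].strip().lower()
    return Beacon(src_ip, host, request_line[1], headers.get("user-agent", ""))


def summarize(beacons: Iterable[Beacon], seized: Set[str] = SEIZED_DOMAINS) -> dict:
    """Per seized domain: distinct victim IPs, paths and user agents seen.
    Hosts outside the seized set are reported separately; they are either
    scanners or a hint that the infrastructure was larger than the order."""
    per_domain = defaultdict(lambda: {"victims": set(), "paths": Counter(), "agents": Counter()})
    unexpected: Counter = Counter()
    for b in beacons:
        if b.host not in seized:
            unexpected[b.host] += 1
            continue
        entry = per_domain[b.host]
        entry["victims"].add(b.src_ip)
        entry["paths"][b.path] += 1
        entry["agents"][b.user_agent] += 1
    return {
        "per_domain": {
            h: {"victims": len(e["victims"]), "paths": dict(e["paths"]), "agents": dict(e["agents"])}
            for h, e in per_domain.items()
        },
        "unexpected_hosts": dict(unexpected),
    }


class SinkholeHandler(BaseHTTPRequestHandler):
    """Live listener: record every request, drain the body, reply 200 with no content."""
    captured: List[Beacon] = []

    def do_GET(self) -> None:
        self._record()

    def do_POST(self) -> None:
        self._record()

    def _record(self) -> None:
        self.rfile.read(int(self.headers.get("Content-Length", "0") or 0))
        host = self.headers.get("Host", "").split(":", 1)[0].lower()
        SinkholeHandler.captured.append(
            Beacon(self.client_address[0], host, self.path, self.headers.get("User-Agent", "")))
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, fmt: str, *args) -> None:  # keep stdout quiet; summarize() is the log
        return


# Constructed sample traffic, not real captures.
SAMPLE_REQUESTS: List[Tuple[str, bytes]] = [
    ("198.51.100.7", b"GET /news/update.php?id=4411 HTTP/1.1\r\nHost: seized-c2-1.example\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0)\r\n\r\n"),
    ("198.51.100.7", b"POST /news/update.php?id=4411 HTTP/1.1\r\nHost: seized-c2-1.example\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0)\r\nContent-Length: 2\r\n\r\nok"),
    ("203.0.113.20", b"GET /news/update.php?id=9108 HTTP/1.1\r\nHost: SEIZED-C2-1.example:80\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0)\r\n\r\n"),
    ("203.0.113.21", b"GET /api/check HTTP/1.1\r\nHost: seized-c2-2.example\r\nUser-Agent: curl/8.0\r\n\r\n"),
    ("192.0.2.5", b"GET / HTTP/1.1\r\nHost: unrelated.example\r\nUser-Agent: masscan\r\n\r\n"),
    ("192.0.2.6", b"NOT A REQUEST"),
]


def demo() -> dict:
    """Parse the constructed sample and return the summary."""
    beacons = [b for ip, raw in SAMPLE_REQUESTS if (b := parse_beacon(ip, raw)) is not None]
    return summarize(beacons)


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
    # To run as a live sinkhole instead: HTTPServer(("0.0.0.0", 80), SinkholeHandler).serve_forever()
```

Two details matter in practice: Host values are normalised (lower-cased, port stripped) so the same seized domain is not counted twice, and the responder answers rather than dropping the connection, since a beacon that fails may make the implant roll over to a backup domain the order did not cover. Anything in `unexpected_hosts` is worth a second look for that same reason.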

5. Dragonfly

Another likely state-sponsored group, this time out of Eastern Europe and Russia, is Dragonfly. Dragonfly is likely state-sponsored because of its targets: electric grids, the energy industry and other control systems in the U.S. and Europe. It is designated an APT (Advanced Persistent Threat).

Its most common attacks are spear-phishing and watering-hole attacks, which is not unusual for APT groups. It has also demonstrated the ability to embed trojans in legitimate software for industrial control systems, which is very reminiscent of Stuxnet.

When Stuxnet was first found, it was recognised that the same approach could be turned against many industries. It may be that we are starting to see Stuxnet-like capabilities in the hands of actors other than the United States and Israel. In recent years, Dragonfly has continued its assault on the US energy grid, with repeated attempts to get inside the systems of critical infrastructure operators.

6. Tarh Andishan/Ajax

Understandably, Iran was not pleased with Stuxnet. It jeopardised the country's nuclear power (and, if you are more cynically inclined, its nuclear weapons) ambitions. Iran decided it was best to aggressively upgrade its cyber capabilities, and did so in at least two ways: it created an independent state-sponsored group, Tarh Andishan, and consulted and hired existing Iranian hacktivist groups (such as Ajax).

Ajax was better known for website defacement, but after Stuxnet it is likely they were enlisted for patriotic espionage (a practice pioneered by the Chinese). Ajax is most famous for "Operation Saffron Rose", in which they attempted to gather information on U.S. defence industry officials with advanced phishing attacks.

Tarh Andishan is actually a little scarier for the average civilian, because they have gained access to airport gate control systems in South Korea, Saudi Arabia and Pakistan. Such access would allow them to spoof security credentials in an airport. They have also hacked industrial targets such as oil, gas and telecommunications companies.

7. Chaos Computer Club

The Chaos Computer Club (CCC) is arguably the oldest hacker group still in existence, and it is the largest in Europe. A group of German hackers formed it in 1981. The CCC campaigns for transparency in government and for easy access to computers and information. Unlike other groups on this list, the CCC does not wage war on governments and industries. Instead, it focuses on ethical hacks that expose vulnerabilities in security systems as a means of educating people about cybersecurity.

These days, most members of the CCC are German. As a result, the group treads carefully in its campaigns and often seeks legal advice before hacking into systems.

The CCC has survived a long time, and a large part of the public recognises its abilities and accepts it; in some cases, even the press has sung its praises. However, given the size of the group, not every member always sticks to the law. The CCC became famous in the 1980s after drawing the attention of the Deutsche Bundespost to loopholes in its system. At the time, the Deutsche Bundespost was trying to stifle other technologically advanced firms from competing with it. The company responded to the CCC's claim by assuring the public that its security was airtight. The CCC eventually hacked the system and took DM 134,000. However, they returned the money the next day.

8. Syrian Electronic Army

The Syrian Electronic Army (SEA) is a hacker group that supports the Syrian government of Bashar al-Assad. The group also has links with Iran and Hezbollah. Over the years it has carried out attacks that show just how effective it is.

Its most notable attacks include defacing several major Western news outlets and locating opposition rebels with malware. However, the SEA stands out because of its style and tone. For example, the group tweeted from the AP's account that there had been explosions at the White House and that then-President Obama was injured. The tweet had a dramatic effect on the Dow Jones Industrial Average, causing a temporary fall. The group also tweeted from a BBC Weather account that a "Saudi weather station is down due to head-on collision with a camel."

9. Morpho

Morpho, a.k.a. Wild Neutron, is a well-funded group that has executed dozens of high-profile hacks since 2011 against tech, pharmaceutical and investment companies. They are likely not state-sponsored, because their hacks usually steal insider information for monetary gain. They have hit Microsoft, Apple, Facebook and Twitter via zero-day exploits. Since a zero-day is unknown to the software vendor for as long as it remains undiscovered, it gives the attacker powerful access, in contrast to something simple like a DDoS that merely overloads a server with traffic for a period of time.

Morpho is particularly interesting because they are likely a sophisticated small group. Their signatures include multi-platform malware, well-documented code, paying hosting providers in bitcoin, and multi-stage command-and-control networks with encrypted virtual machines. They are English-speaking and very good at covering their tracks.

10. Bureau 121

Although most technology in North Korea is extremely outdated, its government has still shown a strong interest in hacking. According to defectors, military hackers live extravagant lives in North Korea. Top students are handpicked straight out of the "University of Automation". The primary wing of this hacking effort is known as Bureau 121. It comprises about 1,800 people who work around the world (because the internet infrastructure in North Korea is poor). Most of the Bureau's activity has been focused on South Korea. Attacks have ranged from malicious gaming apps targeted at South Koreans and hacking the website of the South Korean President to destroying the data of banks and broadcasting companies. Guardians of Peace, the group behind the famous Sony hack, might have been a Bureau 121 proxy. That hack cost Sony about $15 million.
