Is Hacktivism the next big threat?
A pro-Russian hacktivist group has claimed over 6,600 attacks since March 2022, almost exclusively targeting European countries. Hacktivists were responsible for almost a quarter of sophisticated “category 2” attacks targeting OT. These are the two most important outcomes of the latest Orange Cyberdefense Security Navigator report.
With 96 percent of their attacks focusing on Europe, pro-Russian hacktivists primarily targeted Ukraine, the Czech Republic, Spain, Poland, and Italy. Europe is also the region second most affected by cyber extortion (Cy-X), with victim numbers increasing by 18 percent every year. Most affected are Italy (19%), Germany (19%), France (16%), Spain (13%) and Belgium (8%). In the Nordic countries, extortion has grown rapidly, with a 38 percent increase in victim counts.
The pro-Russian hacktivist group – one of the most active – has conducted over 6,600 attacks since early 2022, mostly targeting symbolically important European entities. Hacktivist groups increasingly appreciate the power of cognitive attacks, using technical disruptions not just to create direct impact, but also to manipulate public opinion, undermine trust in institutions, and destabilize societal confidence.
By attacking election-related systems and other symbolic institutions, hacktivists want to draw attention to the political and economic issues they consider important, creating fear, uncertainty, and doubt (FUD). This shows how modern hacktivists target perception as much as infrastructure.
While hacktivism mainly targets Europe, North America also faces its share of attacks. It was the region most affected globally by cyber extortion, experiencing a yearly increase of 25 percent in cases. The US also endured the highest concentration of targeted OT attacks, accounting for roughly half of all incidents. This trend reinforces the region’s position as a top target for financially motivated threat actors but raises the question of why hacktivists are avoiding it. The authors believe this may be due to fears of repercussions. However, another possible reason is that hacktivist groups think the United States is already deeply divided both socially and politically, with record-low trust in institutions, which would result in a lower return on investment for their actions.
Worldwide, hacktivist activity targeting OT systems, which are critical for operating essential infrastructure, is a huge concern. According to the research, nearly one in four sophisticated attacks targeting OT can be attributed to hacktivists. As such attacks have typically been associated with state actors, the growth of hacktivism reveals a new level of sophistication and risk to critical infrastructure.
It is noteworthy that 46 percent of OT cyber-attacks resulted in the manipulation of control, meaning that the adversary could affect the physical process. The utility sector has been heavily affected, with the report finding that it suffered 46 percent of attacks that directly targeted OT systems.
The report highlights AI as a powerful yet complex tool, with both defensive and offensive cybersecurity applications reshaping threat dynamics. Threat actors, including state-sponsored ones from China, Russia, and Iran, are leveraging GenAI to create realistic phishing content, fake images, and deepfakes to deceive a large audience, which is supporting their deployment of ‘cognitive attacks.’
The report also notes AI's effectiveness in detecting hard-to-identify threats, particularly improving detection rates for tactics like ‘beaconing,’ which allows malware to communicate with command-and-control servers. This has reduced incident response times by up to 30 percent. However, it also warns of vulnerabilities in GenAI solutions, urging businesses to enforce strict access rights, ensure tenant isolation, and educate users about data leak risks in prompts.