Interview: The Role of Hacktivism in the Russia-Ukraine Conflict

Written by

Ross Williams, Director of DFIR, CRITICALSTART
Ross Williams, Director of DFIR, CRITICALSTART

Hacktivism has played a significant role in cyberspace for several years, with a range of high-profile entities targeted by hackers for political reasons. These range from governments and various other political groups for policies they disagree with to exposing privacy issues relating to manufacturers’ products.

Recently, a range of individual hackers and hacktivist groups have been attracted to the current Russia-Ukraine conflict, effectively taking sides and targeting government agencies and other important organizations. The most prominent group to declare their involvement in this area is the hacktivist collective Anonymous, which declared ‘cyber war’ against Vladimir Putin’s government following the Russian invasion of Ukraine. The group has since claimed to have taken down websites and leaked data of organizations linked to the Russian government.

To discuss this trend and the impact these hackers are having on the conflict, Infosecurity recently spoke to Ross Williams, Director of DFIR at CRITICALSTART.

What trends have you observed regarding hacktivist groups and their tactics over recent years?

Over recent years, hacktivist groups have been primarily focused on psyops and social campaigns as opposed to technical hacking. We have seen them use their digital presence to create pro and con information floods for political agendas, social causes and geopolitical issues.

What are the most significant impacts of these kinds of groups over the past decade?

They have targeted numerous high-profile political and social events, including the Black Lives Matter (BLM) movement, US Elections and COVID-19 vaccines. They used social platforms to disseminate information and garner support for the causes and stances they deemed worthy. One major influence we saw them have is the #MeToo movement; another is the cancel culture movement.

The current Russia-Ukraine conflict has shown several examples of cyber-criminal organizations and hacktivist groups ‘taking sides.’ For example, the Conti ransomware gang came out in support of Russia while hacktivist group Anonymous declared a cyber war on the Kremlin. What are your reflections on this trend and the impact it has had on the conflict so far?

Many non-associated groups aligned over a common stance for and against the Russian invasion. It has also broken alliances that were formed before this geopolitical event. Look at Conti and how they have several insiders leaking their communications and capabilities. Furthermore, this has enabled groups that are against the situation to gain access to information once held close. We see cross-group information and skills sharing that is then used to turn pro-Russian tools against their own assets. Additionally, cyber-criminals who are against the situation have turned their tools and skills towards general society to provide outside information from news and refugee outlets to show what is really happening.

The digital theater has also influenced the psyops landscape using deepfakes. We are even seeing native website review tools to disseminate information. An even more interesting aspect is that supporting groups are finding creative ways to get funds to refugees. The alignment between pro-Russian groups has provided them with new capabilities and refinements of current tools. It has also increased their target landscape of who, what and how to launch cyber-attacks successfully.  

Are these lone groups and individuals potentially helping bring conflicts like the Russia-Ukraine war to an end?

Based on what we are seeing, they are helping. The Kremlin has launched a full-on disinformation campaign on their general population, and these groups have brought the truth into the light. Additionally, we see Russian military members deserting and threatening to launch a coup. Again, this is due to the information warfare that these groups are waging.

How do you expect the area of hacktivism to evolve beyond the current Russian-Ukraine conflict?

Based on other geopolitical conflicts taking place, we expect to see most groups focus their newly learned capabilities and newly founded partnerships on these regions to try to influence the outcomes for their political alignments.

What’s hot on Infosecurity Magazine?