Having a discussion on hacktivism is interesting these days because it’s there - and it’s not.
We’ve experienced a definite departure from the hacktivism of the 90’s and early 2000’s (think movies like Hackers), where it was a couple of guys with some Raspberry Pi’s in a basement somewhere doing it for “the love of the game.”
Now, more hackers have an agenda, or have been swallowed up by some larger entity that does, and can, pay well for i).
But here’s the million-dollar question; are hacktivists something that should be on the risk radar for your company? And if they are, how would you know it, and what would they look like?
As we scope out the threat landscape of 2025, it would seem that hacktivists are no longer to be found. But they, and the things they do, persist. Just maybe under a different banner.
Hacktivism: From Statements to State-Sponsored Attacks
Like so much these days, “hacktivism” as a title is being bought out. Are there one-off vigilantes still making a statement pushing a personal political agenda, an animal rights group, or an old grudge? Sure. They’re just not making the news.
If they’re not making the news, they’re not getting noticed. If they’re not getting noticed, then they have no reason to do what they do.
Just like video killed the radio star, large-scale ransomware killed the fame that things like doxxing or defacing a website once had. People, especially busy, business-minded executives, want to know more about the wide-scale breach that affected millions than the small site down the road that got hacked.
As the cybercrime news appetite has changed, hacktivists looking to make a statement have had to do it elsewhere. But what about the occasions we still hear about?
Unfortunately, they are often used as easy scapegoats by organized cybercrime groups and large state sponsors.
The “Hacktivist’s” Place in the Cybercrime Economy
What once was fun is now a career, and a serious one. Instead of messing around with small one-off jobs for possible payouts, those with the skills to successfully hack anything (and especially those with the propensity to already do it off the grid) are being snapped up by the well-oiled machinery of the cybercrime economy and put “to good use” for guaranteed pay.
These once-hacktivists are finding jobs as initial access brokers, selling large swathes of credentials on the dark web and cyber underground. They are contracted by who-knows-who on a need-to-know basis (and most won’t need to know) to do initial reconnaissance for large state-sponsored attacks. They are used as pawns or shields in the larger cybercrime game and finding monetary success in doing it.
Often, they’re not involved at all. Either the larger cybercriminal entity really will pay a group of independent hackers to do their dirty work; or they won’t and say they did. Either way, both parties are either explicitly or implicitly involved, and both bear part of the blame.
But blaming it on “hacktivists” always causes less geopolitical ripples than stating it was a nation-state actor outright. Once the larger entity has gotten what it needs from these hackers, it can leverage that data to launch even bigger attacks like Advanced Persistent Threats (APTs).
If You Can Dodge an APT, You Can Dodge a Hacktivist
By the same token, if your organization is at risk of APT attacks, it’s going to be high on the list for hacktivism threats as well, whether real or fabricated.
Best to put them on your risk radar, just in case. Because they work hand-in-hand, with hacktivists as the scouts that scope out your network first, take all threats seriously with an eye towards what they can become.
At-risk industries typically include high-regulated ones like:
- Finance
- Healthcare
- National Defense
- Critical Infrastructure
- Technology
Anything that makes a splash when personal data leaks out, or it gets taken offline, like a power plant, water facility or healthcare organization with millions of sensitive patient records.
You also want to be wary if you’re brokering in highly valuable innovations like nuclear energy or on the cutting-edge of AI and ML advancements. Cybercriminal agents want those technologies and are willing to steal for them.
The AI Disruptor: Answers Unknown
AI is disrupting hacktivism and cybercrime in the same way it is disrupting everything else. That looks like making things faster, better, smarter and sneakier. We’re in the middle of an AI arms race and the winner has yet to be decided.
One thing is certain. These threats are out there, not matter what their motive of origin, and companies cannot afford to not be using AI when so many of these attackers are.
Threat actors are compromising AI-driven pen testing tools, vulnerability management solutions, and a host of other things to find threats at scale and compromise them just as fast. Defenders need to do the same thing to stand a chance of staying ahead - or even keeping up.
The one key difference maker is threat intelligence. That’s the one thing that sets prepared organizations apart from reactive ones, because with predictive threat intelligence, security teams can see what’s coming.
That’s crucial when battling AI-driven threats, because they strike fast and hard, so chasing them down isn’t as easy as it once was, if it ever was. Also AI-driven workflows can help you respond.
Because whether it’s hacktivists or nation-state actors, a breach is still a breach, and every attacker poses a threat.