The hacking community is made up of a vast array of threats, and it’s only by learning about them, their motives, and their tactics that we stand a chance of defending ourselves.
So what are the most infamous hacking groups active right now? Who do they target? And why?
What Is a Hacker Group?
More often than not, hacker groups are decentralized organizations formed by skilled but often misguided individuals who exploit security flaws in computer systems or networks to carry out distributed denial-of-service (DDoS) attacks, install malicious software (malware), or steal sensitive data. While there’s no shortage of reasons why hackers carry out these attacks, it usually comes down to profit, espionage, ideological pursuits, or simply a laugh.
Hacker groups are mostly made up of hackers with specific roles, such as “white hat” (ethical) hackers, “black hat” (malicious) hackers, and “gray hat” hackers, who blend the ethical and the unethical.
These groups are infamous for their ingenuity, utilizing advanced techniques and tactics like zero-day exploits, phishing schemes, and social engineering to reach their objectives. Their targets include governments, organizations, financial institutions, and critical infrastructure, highlighting the need for superior cybersecurity measures.
Keeping up with their tricky tactics can help us fortify our defenses, safeguard sensitive information, and ensure a more secure digital environment for everyone. So, let’s meet the hacking groups that have made a name for themselves in the ever-evolving world of cybersecurity.
1. Lazarus Group
In January 2023, Al Jazeera reported that this hacker collective made off with a staggering 100 million dollars’ worth of Harmony cryptocurrency, putting North Korea back in the cybersecurity spotlight. However, this was far from their first rodeo. The Lazarus Group has an infamous history, including attacks on Sony and unleashing the WannaCry virus, one of the most notorious malware attacks of all time.
Their success lies in their resilience and relentless pursuit of high-stakes targets. From their initial DDoS attacks against the South Korean government to infiltrating banks across the world and stealing millions, the Lazarus Group’s brazen exploits continue to make headlines. The infamous 2014 Sony Pictures attack brought them worldwide notoriety, exposing confidential information, top-secret correspondence, and upcoming movies before their release dates. Today, however, the Lazarus Group prefers to target cryptocurrencies.
While their tactics and targets continue to change, one thing remains a mystery: their identity. Is the Lazarus Group funded by the North Korean government or are they an international hackers-for-hire gang?
2. BlackBasta
This ransomware prodigy stormed onto the cyber scene in early 2022 with a ransomware-as-a-service (RaaS) criminal enterprise that left a trail of enterprise victims, hundreds of them confirmed, in just a few months. Bleeping Computer reported that the Swiss technology giant ABB was hit by the group’s ransomware and that sensitive data ended up in the hands of these cybercriminals. BlackBasta is all about well-calculated precision strikes.
Leaving no stone unturned, BlackBasta has targeted organizations across the USA, Canada, the UK, Australia, New Zealand, and Japan. Rumors swirl about the group’s origins, sprouting from the seeds of the now-defunct Conti threat actor group from Russia.
Due to similarities in malware development, leak sites, and communication methods for negotiation and payment, it’s safe to say that BlackBasta is at least Conti’s love child.
3. LockBit
LockBit, a ruthless RaaS group, has been orchestrating its cybercrime symphony since late 2019. It operates on a profit-sharing model, selling its ransomware services to other cybercriminals. The group’s performances echo across hacking forums such as Exploit and RAMP, where it brags about its expertise.
What’s more, LockBit runs a dedicated ransomware leak site, where it publishes victims’ data in both Russian and English. The group claims to be based in the Netherlands and to have no political motivation. It is currently the world’s most active ransomware group.
Everything started in September 2019 with ABCD ransomware, which used the file extension “.abcd virus” during its early acts. By January 2020, LockBit had transformed into a RaaS family, embracing its new name and announcing a new era of digital piracy.
4. Lapsus$
This horrendous hacking group shot to fame with a daring ransomware attack on the Brazilian Ministry of Health in December 2021 (as reported by ZDNet), leaving the COVID-19 vaccination data of millions of people in jeopardy. The group has since targeted renowned technology companies across the world, including Samsung, Microsoft, and Nvidia. They’ve even managed to disrupt some essential services of the gaming behemoth Ubisoft, and they’re one of the prime suspects in 2022’s hack on EA Games.
Still, the identity of these hackers remains shrouded in mystery: some reports suggest that an English teenager may be the brains behind it, while others mention a link to Brazil. Although The Verge reports that the London police have made seven arrests in connection with Lapsus$ (all teenagers), the group continues to operate, leaving both authorities and companies on high alert.
5. The Dark Overlord
The Dark Overlord (TDO) is famous for extorting high-profile targets and threatening to release sensitive documents unless hefty ransoms are paid. They first got into the public eye by selling stolen medical records on dark web marketplaces and then moved to target Netflix, Disney, and IMDb.
In a shocking twist, reported by CNBC, the group shifted from hacking and extortion to launching terror-based attacks on the Columbia Falls school district by sending threatening messages to students and parents, demanding payment to prevent harm to children. These atrocious attacks caused public panic, leading to the closure of over 30 schools and leaving over 15,000 students homebound for a week. However, it didn’t stop there: TDO announced the “9/11 Papers” hack, threatening to release top-secret documents unless a hefty ransom in Bitcoin was paid.
While one of the main members of TDO was caught and given a prison sentence, the group’s origins and true identities remain unknown.
6. Clop
Targeting large, established enterprises, especially in finance, healthcare, and retail, Clop cropped up in 2019. The group exploits network vulnerabilities and phishing to gain initial access to a network, then moves laterally to infect as many systems as it can, stealing data and demanding ransoms for it.
Some of their victims include Software AG, a German software company; the University of California San Francisco (UCSF), a prominent medical research institution; and Accellion File Transfer Appliance (FTA) users.
Clop’s swift and sophisticated tactics continue to pose a significant threat to companies across the world, highlighting the need for robust cybersecurity measures.
7. Anonymous
Probably the best-known name in hacking, Anonymous is a decentralized hacking collective that originated in the depths of 4chan’s anonymous forums. From harmless pranks to hacktivism, Anonymous has developed into a force opposing censorship and corporate injustice.
Famous for their Guy Fawkes / V for Vendetta masks, the group’s roots date back to 2008, when they targeted the Church of Scientology in retaliation for alleged censorship. Since then, Anonymous’ targets have included the RIAA, the FBI, and even ISIS (yes, the terrorist group). Although they promote principles such as freedom of information and privacy, their decentralized nature sparks debate about their real causes.
While Anonymous has seen its fair share of arrests, its activities continue to resurface now and again.
8. Dragonfly
Also known as Berserk Bear, Crouching Yeti, DYMALLOY, and Iron Liberty, Dragonfly is a cyberespionage group believed to be made up of highly skilled hackers from the Federal Security Service of the Russian Federation (FSB). In operation since at least 2010, Dragonfly has a track record of targeting critical infrastructure entities in Europe and North America, as well as defense and aviation companies and government systems.
The group’s mode of operation comprises sophisticated spear-phishing campaigns and drive-by compromise attacks. Although there are no officially confirmed incidents linked to the group’s activity, it’s widely believed to be connected to the Russian government.
Dragonfly’s DDoS attacks have targeted water and energy-distributing companies in many countries, including Germany, Ukraine, Switzerland, Turkey, and the USA, resulting in blackouts that affected thousands of citizens.
9. Chaos Computer Club
Since 1981, the Chaos Computer Club (CCC) has been fighting for privacy and security, and with around 7,700 members, it packs a powerful punch. The CCC is Europe’s biggest squad of white-hat hackers.
These hackers work together in regional hackerspaces called “Erfakreisen” and smaller “Chaostreffs.” They also throw an annual party, called Chaos Communication Congress, and rock the tech world with their publication titled “Die Datenschleuder.”
As for their main mission, they’re all about hacktivism, freedom of information, and strong data security. In 2022, they hacked into video-based identification (Video-Ident) systems, gaining access to an individual’s private health records. This bold move was aimed at shedding light on potential security risks, highlighting the need for stronger defenses in sensitive applications.
10. APT41 aka Double Dragon
Enter Double Dragon, a group suspected of having ties to the Chinese Ministry of State Security (MSS), which makes it a threat to the enemies of the Chinese government. Trellix (formerly FireEye), a cybersecurity company, is confident that these cyber dragons are backed by the Chinese Communist Party (CCP).
For years, Double Dragon has been pulling off espionage stunts while secretly chasing the shining treasures of personal gain—it’s a win-win situation for them. They’ve been targeting sectors like healthcare, telecom, tech, and the gaming world (developers, distributors, and publishers alike). It seems that everyone is on their radar.
It’s Just the Beginning
We must remember that the world of cyber warfare is constantly changing, for better or worse. New groups will rise, old ones will fall, and some may reinvent themselves. However, one thing’s sure: this is an endless cat-and-mouse game.