Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Ransomware

ENISA Warns About Hacktivist, Ransomware Crossover

Hacktivists Are Likely to Increasingly Adopt Cybercrime Tactics, Report Says
ENISA Warns About Hacktivist, Ransomware Crossover
Image: Shutterstock

Ransomware hacks and self-declared hacktivist denial-of-services attacks were the most prolific threat to European Union members over the 12-month period ending in June, the EU cyber agency warned, adding that the nexus between nation-state hackers and hacktivist groups poses an emerging threat.

See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

Between July 2023 and June, the European Union Agency for Cybersecurity - known as ENISA - observed a "notable escalation" in cyberattacks, a cyberthreat analysis report from the agency says.

"The prime threat was distributed-denial-of-service and it appears to target the entire range of sectors. These are followed by ransomware attacks and data-related threats," ENISA said.

State-aligned hacktivist groups are the most active threat actors behind DDoS attacks, ENISA said, attributing the surge in attacks to the geopolitical tensions connected to Russia's invasion of Ukraine in 2022. Russian-aligned hacktivist group NoName057 and Russia intelligence-backed Cyber Army of Russia were among the most active threat actors behind DDoS attacks against EU agencies.

The EU elections in June and the Paris Olympics in July also caused a surge in attacks from DDoS operators looking to disrupt the operations.

In the case of ransomware, financial theft was the main driver, although some hacktivist groups are now deploying ransomware to draw attention to their political causes.

"Alongside the blending of hacktivism with state-nexus activity, it is likely hacktivists will increasingly adopt cybercrime tactics, sometimes with direct or indirect support from these state-nexus groups," the report says.

LockBit was among the most active ransomware until its disruption by law enforcement agencies in February. Other active ransomware-as-a-service groups targeting the EU organizations included Clop and Play.

Iranian and Russian threat actors were the most observable nation-state groups. Chinese actors, in particular, are compromising edge devices such as remote monitoring and management software to evade detection (see: Chinese Hackers Penetrated Unclassified Dutch Network).


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.