It’s been a while — a quick reminder: The Cybertracker I produce for the Russia-Ukraine war is based on Intent of the cyber threat actors, not capability.
I just wanted to quickly thank all those who read/use/enjoy the cybertracker I produce, really makes the long nights worth it. When I decided to make a list of cyber groups involved in the Russia-Ukraine war in February 2022 I did not think i would still be doing it in July 2023, or that it would be so popular and valued — so thank you.
Some notes from the 24th cybertracker:
- pro-Russian groups continue to outnumber pro-Ukraine (that does not include impact of attacks — purely groups numbers)
- Pro-Russian groups continue to seek improved capabilities to match their high intent.
- There continues to be new groups join the hacktivist activities. Telegram continues to be the dominate form of comms for pro-Russian groups.
- Usersec has created its own collective, which at its peak had at least 15 members.
- Anonymous Sudan continues to shift away from geopolitical motivations to religious motivations. — Update: Anonymous Sudan now combines both its alleged grievances to target both ‘russophobic’ countries and middle-eastern countries.
- Noname057(16) and the DDosia project remain the most active pro-Russian hacktivist group.
- pro-Ukraine groups continue to be smaller in number due to 2 reasons. 1, IT Army Ukraine is well organized and accounts for a large amount of people who would support Ukraine in hacktivist activities. 2, many Anonymous affiliate groups continue to operate on other targets and don’t exclusively target Russia.
- There were several Pakistan linked hacktivist groups who targeted Russia — this was part of retaliation due to a feud with Phoenix.
- Several Middle-Eastern and Indian hacktivist groups joined the Usersec Collective to support Russia. (It’s not clear if this was a retaliation after Pakistan groups targeted Russia)
- The ‘Richard W’ group is the alleged Wagner affiliated group/individual who targeted the Russian satellite comms provider — it marked one of the first Russia V Russia campaign.
- Killnet had a period of inactivity after Killmilk its leader was away — when they returned most Killnet associated groups reactivated, including Anonymous Russia who is now under the control of User1, the operator in charge of Usersec. Killmilk appears to have considerable control over killnet operations and those of other affiliate groups.
I have included the original version of the cybertracker below.
For real-time updates please see: https://twitter.com/Cyberknow20