Hacktivists' Use of DDoS Activity Causes Minor Impacts

Fortify Security Team
Nov 4, 2022

The FBI defines hacktivism as a collective of cyber criminals who conduct cyber activities to advance an ideological, social, or political cause. Historically, hacktivist collectives conducted and advocated for cyber crime activity following high-profile political, socioeconomic, or world events. Coinciding with the Russian invasion of Ukraine, the FBI is aware of pro-Russian hacktivist groups employing DDoS attacks to target critical infrastructure companies with limited success. Hacktivists provide tools and guidance on cyber attack methodology and techniques to anyone willing to conduct an attack on behalf of their cause. DDoS attacks on public-facing websites, along with web page and social media profile defacement, are a preferred tactic for many operations. These attacks are generally opportunistic in nature and, with DDoS mitigation steps, have minimal operational impact on victims; however, hacktivists will often publicize and exaggerate the severity of the attacks on social media. As a result, the psychological impact of DDoS attacks is often greater than the disruption of service.

Hacktivists often select targets for their perceived impact rather than for an actual disruption of operations:

  • DDoS attacks require little technical knowledge, and hacktivists may leverage a wide range of open source DDoS services and tools to disrupt public-facing websites.
  • High-profile targets including financial institutions, health and medical facilities, emergency services, airports, and government facilities are common targets of DDoS attacks.
  • Hacktivists typically claim responsibility for such attacks on social media to increase their credibility and falsely assert greater impact or disruption than what occurred.
  • Hacktivists also recycle previously disseminated information (whether exfiltrated or a compilation of publicly available information) to build credibility and imply a higher level of technical ability.
  • Hacktivists may post news coverage about their attacks, which can lead to repeat attacks or copycat attacks on targets that received a large amount of media attention.


DDoS attacks vary in duration and can be identified by:

  • Unusually slow network performance (opening files or accessing websites).
  • Unavailability of a particular website or the inability to access any website.

To mitigate a DDoS attack:

  1. Enroll in a Denial of Service protection service that detects abnormal traffic flows and redirects traffic away from the network.
  2. Create a partnership with your local internet service provider (ISP) prior to an event and work with your ISP to control network traffic during an event.
  3. Create a disaster recovery plan to ensure successful and efficient communication, mitigation, and recovery in the event of an attack.
  4. During and after a DDoS attack, monitor other network assets for any additional anomalous or suspicious activity that could indicate a secondary attack.
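
As an added example (not part of the FBI notice or the original post), the two indicators listed above, slow responses and an unavailable site, can be checked against web access logs during the monitoring described in step 4. The log format (time, client, status, response seconds), the sample lines, and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def sample_log():
    """Constructed access-log lines: time, client, status, response seconds."""
    lines = []
    for minute in range(3):                       # three quiet minutes
        for i in range(20):
            lines.append(f"2022-11-04T10:0{minute}:{i:02d}Z 198.51.100.{i} 200 0.12")
    for i in range(300):                          # minute 3: flood, slow and failing
        status, secs = (503, 4.0) if i % 3 else (200, 1.5)
        lines.append(f"2022-11-04T10:03:{i % 60:02d}Z 203.0.113.{i % 250} {status} {secs}")
    for i in range(25):                           # minute 4: back to normal
        lines.append(f"2022-11-04T10:04:{i:02d}Z 198.51.100.{i} 200 0.13")
    return lines

def per_minute(lines):
    """Bucket requests by minute -> (count, median latency, share of 5xx)."""
    buckets = defaultdict(list)
    for line in lines:
        ts, _client, status, secs = line.split()
        buckets[ts[:16]].append((int(status), float(secs)))
    return {m: (len(v), median(s for _, s in v),
                sum(st >= 500 for st, _ in v) / len(v))
            for m, v in sorted(buckets.items())}

def flag_minutes(stats, baseline_n=3, rate_x=5, slow_x=3, err_share=0.5):
    """Flag minutes whose volume spikes while the site is slow or unavailable."""
    base = list(stats.values())[:baseline_n]      # assumed to be normal traffic
    base_rate = median(count for count, _, _ in base)
    base_lat = median(lat for _, lat, _ in base)
    flagged = {}
    for minute, (count, lat, err) in list(stats.items())[baseline_n:]:
        reasons = []
        if lat >= slow_x * base_lat:              # indicator 1: unusually slow
            reasons.append("slow responses")
        if err >= err_share:                      # indicator 2: site unavailable
            reasons.append("site unavailable (5xx)")
        if count >= rate_x * base_rate and reasons:
            flagged[minute] = reasons
    return flagged

if __name__ == "__main__":
    for minute, reasons in flag_minutes(per_minute(sample_log())).items():
        print(minute, ", ".join(reasons))
```

Requiring a volume spike together with slowness or errors keeps ordinary busy periods, and ordinary outages with normal traffic, from being reported as an attack.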

