Hacktivist
What is Hacktivist?
HacktivistA threat actor who carries out cyber attacks to advance a political, social, or ideological cause rather than for financial gain or state intelligence objectives.
Hacktivists publicise their grievances through defacements, leaks of sensitive documents ("hack and leak"), DDoS, doxxing, and disruption of services they consider unjust. Some are loosely organised online collectives such as Anonymous, LulzSec, GhostSec, or Anonymous Sudan; others align with geopolitical conflicts, such as IT Army of Ukraine, Killnet, NoName057(16), and Cyber Av3ngers. Capabilities range from basic DDoS-as-a-service to credential leaks of millions of records. Hacktivism frequently overlaps with nation-state operations either through deniable proxies or simply through state-aligned ideology, which complicates attribution and policy responses.
● Examples
- 01
Anonymous claimed responsibility for many actions against the Church of Scientology starting in 2008.
- 02
Killnet and NoName057(16) conducted DDoS campaigns against NATO-aligned countries after Russia's 2022 invasion of Ukraine.
● Frequently asked questions
What is Hacktivist?
A threat actor who carries out cyber attacks to advance a political, social, or ideological cause rather than for financial gain or state intelligence objectives. It belongs to the Defense & Operations category of cybersecurity.
What does Hacktivist mean?
A threat actor who carries out cyber attacks to advance a political, social, or ideological cause rather than for financial gain or state intelligence objectives.
How does Hacktivist work?
Hacktivists publicise their grievances through defacements, leaks of sensitive documents ("hack and leak"), DDoS, doxxing, and disruption of services they consider unjust. Some are loosely organised online collectives such as Anonymous, LulzSec, GhostSec, or Anonymous Sudan; others align with geopolitical conflicts, such as IT Army of Ukraine, Killnet, NoName057(16), and Cyber Av3ngers. Capabilities range from basic DDoS-as-a-service to credential leaks of millions of records. Hacktivism frequently overlaps with nation-state operations either through deniable proxies or simply through state-aligned ideology, which complicates attribution and policy responses.
How do you defend against Hacktivist?
Defences for Hacktivist typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Hacktivist?
Common alternative names include: Political hacker.
● Related terms
- defense-ops№ 1145
Threat Actor
An individual or group that intentionally causes or attempts to cause harm to information systems, organisations, or people through cyber operations.
- attacks№ 329
Distributed Denial-of-Service (DDoS) Attack
A denial-of-service attack carried out from many distributed sources simultaneously — typically a botnet — to overwhelm a target's bandwidth, infrastructure, or application.
- defense-ops№ 714
Nation-State Actor
A government-sponsored or government-aligned threat actor that conducts cyber operations to pursue strategic, intelligence, military, or economic objectives.
- defense-ops№ 1148
Threat Intelligence
Evidence-based knowledge about threats and threat actors — including indicators, TTPs and context — used to guide security decisions and detection.
- malware№ 354
Doxware
Malware that threatens to publish stolen sensitive data unless a ransom is paid, combining extortion with data-leak blackmail.
- attacks№ 017
Advanced Persistent Threat (APT)
A stealthy, well-resourced threat actor — typically state-sponsored — that gains long-term, undetected access to a target network to steal data or pre-position for disruption.
● See also
- № 977Script Kiddie
- № 457Hacker