January 31, 2025

From Protesters to Proxies

How “hacktivists” are being co-opted by countries targeting the west

Hacktivism—hacking to enact social or political change—was once the domain of radical activists and fringe movements. But independent hacktivist groups are becoming a rarity as nation-states like Russia, China, and Iran increasingly use such organizations as covert tools to mask their true agenda: destabilizing the United States and other western countries.

The growing threat of state-sponsored hacktivism

Traditionally, hacktivism was driven by individuals or small groups advocating for causes like environmental justice, human rights, or political transparency. However, over the past decade, the tide has turned. In fact, CACI analysts estimate that a staggering 75-80% of cyber threats targeting western nations—such as the United States, United Kingdom, Canada, Australia, and EU countries—are now believed to be linked to state-sponsored actors, particularly those backed by Russia, Iran, and China. These state-backed hackers, equipped with sophisticated tools and strategies, are far more advanced than traditional hacktivists in both scale and technical capabilities.

But it doesn't stop there. The remaining 20-25% of cyber threats that appear to be the work of independent hackers are often driven by political motives and strategically aligned with the broader goals of nation-states. Ransomware groups, for example, increasingly target politically sensitive organizations, not for financial gain, but to advance ideological objectives. This has led to the rise of "cyber proxies," where states use third-party groups to conduct attacks while obscuring their involvement—a hallmark of modern cyber warfare.

Hacktivism: A new weapon in geopolitical conflicts

Hacktivism's role in geopolitical conflicts has never been more pronounced. In some cases, hacktivist groups are co-opted against their will, such as when Russian operatives hijacked Pakistani infrastructure to launch cyberattacks against European and UK targets. Such operations not only create confusion around attribution but also undermine the credibility of the affected nations when they are unable to effectively respond or expose the perpetrators.

In most cases, however, the proxy groups are willing participants. In the ongoing war in Ukraine, for example, both pro-Ukrainian and pro-Russian hacktivist groups have launched sophisticated cyber campaigns. The IT Army of Ukraine, a volunteer-driven collective, has coordinated global efforts to disrupt Russian infrastructure and counter disinformation. This army isn't just an activist group—it's part of a larger, state-aligned initiative to influence the war’s digital front. On the other side, pro-Russian groups like KillNet have targeted critical infrastructure in NATO-aligned countries, aligning their operations with Moscow’s broader strategic goals.

Meanwhile, in the Middle East, Iranian-backed APT35 has been carrying out cyberattacks against dissidents, academic institutions, and government entities. These attacks, often cloaked in the guise of activism, help Tehran pursue its regional ambitions while maintaining plausible deniability. Similarly, China’s involvement in cyber operations may be less visible, but it is no less significant. Chinese-backed hacktivist groups frequently target intellectual property, critical infrastructure, and geopolitical rivals under the guise of nationalist or ideologically motivated activism.

Conclusion: The need for next-gen threat intelligence tools

The rise of state-sponsored hacktivism is a growing threat to national security and digital stability. As these sophisticated cyber operations blur the lines between grassroots activism and state-backed warfare, organizations must be proactive in defending against attacks that often originate from the dark web. CACI's DarkBlue Intelligence Suite offers a powerful, AI-enhanced solution to track, analyze, and mitigate these emerging dark web threats in real-time.

Don’t wait for the next hacktivist or state-sponsored cyberattack to catch you off guard. Experience the full capabilities of the DarkBlue Intelligence Suite today—request a free trial and strengthen your defenses against the evolving cyber threat landscape.

Want more insights from DarkBlue? Subscribe to our newsletter for blog posts, intel, webinars, and more.