Hackers are our enemies
This is behind a paywall but I've copied and pasted the article (long but interesting)https://www.thetimes.com/article/e23e4c23-1485-4f0b-8b90-8a1a53a3113eAn alliance of pro-Russian and pro-Palestinian hackers are launching cyberattacks every week against British organisations and state agencies, including the armed forces, security services, infrastructure operators and councils.United by a shared opposition to liberal western values, the Holy League coalition of about 90 so-called hacktivist groups came together with the stated intention of waging cyberwarfare against Ukraine, Israel and their allies.The coalition includes groups believed to be working alongside Russia’s military intelligence branch, the GRU, as well as hackers said to have been trained by the Iranian Revolutionary Guard Corps (IRGC).Analysts have said that Britain’s more prominent leadership role in support of Ukraine over the last two months has made it a bigger target.Though the majority of these attacks are crude and low-impact, GCHQ has recently warned of a growing threat from state-aligned hacktivists, who are increasingly looking to target critical national infrastructure systems in an attempt to sow societal unease.Last month, hackers claimed to have carried out simultaneous attacks on the websites of the British Army, Royal Navy and Office for Nuclear Security. It was announced on the group’s Telegram channel with the words: “Our message is clear: this is just a warning … and worse is yet to come.”The MI6 website was also targeted. Both attacks were carried out by a Holy League member who goes by the name Mr Hamza, a pro-Palestinian hacker thought to be based in Morocco. The group has previously claimed attacks on other intelligence services around Europe.In January, the signing of a 100-year partnership between Britain and Ukraine prompted a wave of attacks from a pro-Russian Holy League member, NoName057(16), against several local councils, the North East Combined Authority and National Highways. A month earlier, the group launched similar attacks in retaliation to Ukraine’s use of British Storm Shadow missiles against Russian territory.The vast majority of cyberattacks carried out by these groups are unsophisticated distributed denial of service (DDoS) strikes, which render a website, server or online service inaccessible by overwhelming it with a flood of internet traffic from multiple sources.• Russian hackers pose as remote IT staff on Microsoft TeamsThe groups will typically provide evidence for their claims in the form of “check host” links that show how long a website was not working. This is often little more than a few minutes, though in some cases it can last several hours or even days.For sites that require users or employees to log in to access services and information this can also cause significant disruption. DDoS attacks can also interfere with a site’s defences making it easier to hack into.Earlier this month, X was hit by a major DDoS strike causing a prolonged outage of more than six hours. Elon Musk, the chairman of X, said that hackers in Ukraine had been behind it, however a pro-Palestinian group called Dark Storm Team later took responsibility. Dark Storm Team is not part of the Holy League, but has in the past worked alongside its members.The Holy League was founded at the end of last summer by a cybercriminal called Abu Omar, who is also leader of the Cyber Islamic Resistance, a member of the league.In November, he gave an interview to a Russian state-media agency in which he said he worked with partners from Russia, Belarus, Morocco, Egypt and Algeria and “also with my brothers in the Middle East.” He also claimed that members of Cyber Islamic Resistance were trained by the Badr Organisation, an IRGC militia in Iraq.Asked what victory looked like, Omar said: “I want the conflicts to end with the destruction of the ‘Evil Empire’, including Ukraine, Israel and Nato.”Among the league’s members is the Cyber Army of Russian Reborn (Carr), a group suspected of working on behalf of APT44, the GRU’s cyberwarfare unit, which for more than a decade has worked to infiltrate and infect Ukrainian and western systems through sophisticated hacking operations.Ben Read, a senior manager at Google Threat Intelligence Group, said that his team had found that YouTube accounts for Carr were set up from an IP address known to be controlled by APT44, which is better known as Sandworm.“We have observed a close operational relationship between APT44 and Cyber Army of Russia Reborn and judge that the operators behind APT44 have the ability to direct and influence Cyber Army of Russia Reborn’s activity across multiple platforms,” he said.In July 2024, two members of the Carr — Yuliya Pankratova and Denis Degtyarenko, both Russian citizens — were sanctioned by the US Department of the Treasury for hacking water facilities in both the US and Poland, as well as disrupting operations at a facility in France.On December 4, Carr and NoName057(16) claimed to have launched a joint attack on the M6 toll road in Britain. Pankratova’s husband, Artem, is behind NoName057(16), according to Molfar, a Ukrainian intelligence firm.For several months now, Britain’s cybersecurity chiefs have warned of the growing threat posed by hackers. At the end of last year, the National Cyber Security Centre (NCSC), part of GCHQ, said there was “a widening gap” between increasingly complex threats and the UK’s capability to defend critical national infrastructure.In its annual review, the NCSC said that Russia and Iran were looking to encourage “a new wave of state-aligned hacktivism”, citing Carr as an example, adding that these groups posed “an active threat to poorly-defended critical systems far beyond their traditional activities of DDoS attacks”.“The NCSC has seen a stark increase in the focus on critical national infrastructure systems, as hacktivist groups strike to compromise these systems for political effect and propaganda victories,” the review said.Pascal Geenens, the director of threat intelligence at Radware, a cybersecurity firm that tracks attacks by hacktivist groups, said he had seen a marked increase in the precision and co-ordination of politically motivated DDoS campaigns.“After several years of continuous attacking, building experience, and gathering a following, hacktivists such as NoName057(16) are becoming better organised, and their attacks are increasingly sophisticated,” he said.Another cybersecurity expert, who asked not to be named for fear of reprisal, said that hacktivists aimed to function as “agents of chaos”. “If you can create the illusion of chaos and things failing you can create the narrative that the government isn’t doing enough to protect you,” he said.A government spokesman said: “We don’t routinely comment on cyberactivity claimed by online groups. The government is committed to using all of its levers to disrupt cyberthreats and to keep the public safe.”
Lucille Grant ● 21h9 Comments ● 9h