Hacktivist Groups Attacking Industrial Control Systems To Disrupt Services

Hacktivist groups are increasingly targeting critical infrastructure’s Operational Technology (OT) systems, motivated by geopolitical issues that, unlike traditional website defacements, can disrupt essential services and endanger public safety.  

The success of high-profile attacks on Industrial control systems (ICS) by groups with minimal technical expertise highlights a worrying evolution in hacktivism, which necessitates reevaluating hacktivist tactics and their growing role in the cyber threat landscape. 

They are increasingly targeting OT systems, critical infrastructure that controls physical processes, and their goal is to disrupt operations and gain media attention for their cause.

These groups may be state-backed and can launch denial-of-service attacks or exploit vulnerabilities. 

While some boast more than they achieve, successful OT attacks pose serious threats like water utility disruption, while social media amplifies the impact of these incidents, creating a cycle that encourages further attacks.

With ANYRUN You can Analyze any URL, Files & Email for Malicious Activity : Start your Analysis

CyberAv3ngers, an anti-Israel hacktivist group, targeted industrial control systems manufactured by Unitronics as they compromised programmable logic controllers (PLCs) using brute-force attacks and exploited default credentials, which resulted in manipulation of human-machine interfaces (HMI) in critical infrastructure like water treatment facilities. 

The attacks disrupted operations in multiple locations globally, including the Municipal Water Authority of Aliquippa and the Drum/Binghamstown Water Scheme, highlighting the ability of hacktivists to leverage basic techniques for significant impact and potentially inspiring future large-scale attacks.  

CyberArmyofRussia_Reborn, a pro-Russian hacktivist group likely affiliated with APT28 and Sandworm, has been targeting critical infrastructure since 2023.

In January 2024, they compromised water treatment plants in Texas by exploiting vulnerabilities in VNC technology to manipulate water tank controls. 

Subsequent attacks on US, Polish, and French OT environments suggest broader disruption efforts, as this hacktivist group demonstrates a concerning evolution, employing sophisticated tactics against critical infrastructure for potential political gains. 

Pro-Ukraine hacktivist group Blackjack launched a cyberattack on Moskollektor, a Russian infrastructure management organization. Using custom Fuxnet malware to target Moskollektor’s OT monitoring network, Blackjack potentially countered the ongoing geopolitical conflict.

According to Dragos, Fuxnet specifically exploited vulnerabilities in Moskollektor’s system and likely requires modification for broader attacks. 

Blackjack claimed to have disrupted sensors, infiltrated emergency services, and compromised access credentials, though the extent of the damage is uncertain, which highlights the increasing sophistication of hacktivist operations and the influence of media coverage in amplifying their impact. 

Hacktivist groups are showing increasing sophistication in their attacks on Operational Technology (OT) systems, as early groups like CyberAv3ngers exploited weaknesses in OT systems to cause disruptions, and later groups, possibly inspired by these tactics, used similar methods with more sophistication and potentially state backing to launch broader attacks. 

Now, groups like Blackjack are developing and deploying custom malware, potentially targeting physical systems, which suggests that hacktivists are more capable of causing real-world damage through cyber attacks.

Looking for Full Data Breach Protection? Try Cynet's All-in-One Cybersecurity Platform for MSPs: Try Free Demo 

Aman Mishra

Recent Posts

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and their…

2 hours ago

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS environments…

14 hours ago

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling them…

19 hours ago

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases from…

19 hours ago

Tor Network Suffers IP Spoofing Attack Via Non-Exit Relays

In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting abuse…

19 hours ago

Metasploit Framework Released with New Features

The Metasploit Framework, a widely used open-source penetration testing tool maintained by Rapid7, has introduced…

22 hours ago