Investigating Hacktivist

When investigating a client cyber threat landscape, it’s important to focus on countries with historical or geopolitical tensions with the client nation. Hacktivist groups often DDoS or Deface the cyberspace of adversarial nations, especially during disputes related to land, history, or ongoing conflicts. For instance, hacktivists from Russia and Ukraine, China and Taiwan, Morocco and Algeria, or India and Pakistan, frequently engage in cyberattacks due to their longstanding tensions.

In this context, if you’re tasked with a RFI, the investigation should begin by identifying nations with geopolitical or historical issues relevant to the client’s country.

Once you’ve pinpointed the potential adversarial nations, look for common keywords or phrases associated with those regions and mix with “Anonymous xyz” or “Anon xyz” or “Team xyz” or search hastages like hashtag#op<targetcountryname> on X, or search engines(+ dorking).

This can help identify specific hacktivist groups or cyberattacks linked to those countries. Additionally, leverage Telegram similar channels feature to find related channels and groups.