In the ever-changing landscape of cybersecurity, hacktivist groups continue to employ diverse funding methods to support their political or ideological operations. These groups utilize common cybercrime tactics, such as data theft, ransom demands, selling malware, and offering hack-for-hire services, to sustain their activities. In this blog, we will delve into two prominent hacktivist groups, Killnet and Phoenix, examining their funding strategies and the potential implications for cybersecurity.

Killnet: A Multi-Faceted Funding Approach

Killnet, a hacktivist group driven by political motives, showcases an array of funding methods that allow them to maintain their operations effectively.Hack-for-Hire and DDoS Services In March 2023, Killnet launched a hack-for-hire service, providing aspiring hackers with the means to conduct cyberattacks on targets. Their DDoS-for-hire service, introduced in July 2023, further expanded their offerings, enabling them to disrupt online services of targeted organizations or individuals.

'Dark School' Training Program To monetize their expertise and attract more recruits, Killnet introduced a 'Dark School' training program in May 2023. They offered nine hacking courses to interested individuals, nurturing a new generation of cybercriminals.

Cryptocurrency Exchange Platform Capitalizing on their growing Telegram following, Killnet announced a cryptocurrency exchange platform charging a service rate between 3-4%. This move not only expanded their revenue streams but also provided a degree of anonymity in financial transactions.

Data Theft and Ransom Extortion Between November 2022 and April 2023, Killnet attempted to sell logs, data, and network access on various platforms, while also extorting victims with DDoS attacks or the threat of releasing stolen data. This approach allowed them to gain financial leverage over targeted entities.

Hacktivist Group Leaks Personal Data of Indian Government Officials

A hacktivist group, known as "Hacktivist," recently conducted a significant security breach, leaking the personal data of over 10,000 Indian government officials. The leaked data includes names, addresses, phone numbers, and email addresses.

Motivation and Threats

The hacktivist group claims that the data leak is a retaliation against the Indian government's crackdown on dissent. They have further threatened to release more data if the government does not release political prisoners.

Implications and Concerns

The leaked personal data poses serious risks to the affected officials and citizens:

• Identity Theft: Criminals could potentially misuse the leaked information for identity theft or other fraudulent activities.
• Misinformation and Propaganda: The leaked data might be exploited to spread misinformation or propaganda, potentially causing social unrest or tarnishing reputations.
• Ransom Demands: After infiltrating an organization's network and stealing sensitive data, hacktivists may demand a ransom in exchange for not leaking the information publicly. They leverage the fear of reputational damage or regulatory repercussions to extort money from their victims.

Phoenix: A Rising Threat with Diverse Monetization Techniques

Phoenix, initially a sub-team of the infamous Legion hacktivist group, has emerged as a pro-Russian DDoS group, employing alternative funding methods to sustain their activities.

Stolen Data Sales Starting in March 2023, Phoenix began selling stolen data on Telegram, enabling them to profit from illicitly obtained information.

Private DDoS-for-Hire and Personal Training Phoenix's leader offers personalized hacker training courses via Telegram, charging significant fees of up to $2,675. Moreover, the group privately offers DDoS-for-hire services to select clients, further augmenting their revenue streams.

Live Streaming Cyberattacks In April 2023, Phoenix announced plans to live stream their cyberattacks, allowing the highest bidder to witness the attacks in real-time. This audacious move has the potential to attract both thrill-seeking spectators and malicious actors.

Implications for Cybersecurity

• The funding tactics employed by hacktivist groups like Killnet and Phoenix underscore the evolving nature of cybercrime and the challenges faced by cybersecurity professionals and organizations worldwide.
• Increased Sophistication and Innovation Hacktivist groups are becoming increasingly sophisticated in their monetization techniques, using cryptocurrency exchanges and offering personalized services. This innovation poses a significant challenge for law enforcement agencies and cybersecurity experts.
• Expanding Recruitment Base By offering training programs and hacker courses, hacktivist groups like Killnet can attract more recruits, bolstering their ranks with individuals eager to engage in cybercriminal activities.
• Heightened Ransomware Threat The trend of extorting victims with ransom demands, prevalent in both Killnet and Phoenix's funding strategies, exacerbates the ongoing ransomware threat faced by organizations and individuals alike.
• Spectacle-driven Attacks Phoenix's announcement to live stream their attacks may attract a new breed of cybercriminals who seek notoriety and financial gain from their destructive activities.

Conclusion

The funding methods utilized by hacktivist groups have evolved to encompass a wide array of cybercrime tactics, enabling them to sustain their operations and expand their reach. To combat this evolving threat landscape effectively, collaboration among international law enforcement agencies, cybersecurity professionals, and tech companies is crucial. Only through such joint efforts can we hope to stay one step ahead of hacktivist groups and protect the digital realm from their malevolent activities.