While the relevance of hackers has never been higher in our modern world, hacking groups have been around for decades. Now more than ever, hacking groups find success in their breaching endeavors due to the large online footprints that both individuals and companies have on the Internet. The world is more connected than ever thanks to the Internet, and while that’s a great thing for the consumer, it’s also a great thing for nefarious attackers looking to obtain your “crown jewels.”
In today’s blog post from PlexTrac, we’re going to highlight some of the most (in)famous and notorious hacking groups of all time, from modern names in the industry, like Anonymous, to the famous hacking groups of yesteryear. This post will detail these groups in terms of size, location, successful breaches, and any other details known about the groups and their “careers” in the illegal online attack field.
Hacking groups are a staple of the cybersecurity and InfoSec industries. This is why they’re worth talking about. However, it is important to set the record straight on what a “hacker” actually is in the industry. No, hackers are not all the stereotypical images that pop into our minds from pop culture. They are not one guy or a group of guys with blank white masks and black hoodies. No, the term “hacker” does not always imply that the group is formed illegally and only to cause chaos and headaches for us as the “upstanding security professionals.” And no, not all hacking is “bad” hacking. A lot of hacking is considered very good and healthy in the cybersecurity space.
The term “hacker” was first used back in the year 1969 at MIT to describe individuals there with the overarching goal to “improve existing programs to work better and faster.” This definition already implies that the word hacker started as a positive term but has since shifted over to have a largely negative connotation in the public’s eyes. Dictionary.com actually defines hacker in two ways in digital technology: First as “a person who has a high level of skill in computer technology or programming; a computer expert or enthusiast,” and second as “a person who circumvents security and breaks into a network, computer, file, etc., usually with malicious intent.”
These two definitions show a polarized view of hacking in the public eye. So, while most of the hacking groups on this list might fit the negative, stereotypical, and largely inaccurate definition of hackers, notorious groups like these are part of the reason why the pendulum has swung to the negative understanding of the term “hackers.”
Now, let’s get to the list. Here are five of the most notorious hacking groups of all time!
It’s hard to stumble on any sort of hacker list without seeing Anonymous at the top of it. Anonymous is one of the largest and most iconic hacker groups of all time, due to the combination of their iconic, bone-chilling Guy Fawkes masks and imagery and the real breaches they’ve performed successfully. A large share of Anonymous’ attacks have been performed against political figures, foreign governments, and religious groups. Some of their most high-profile attacks include their compromise of the Church of Scientology, the Canadian government, and the terrorist group ISIS. Anonymous seems to straddle the line in the community between a “hacktivist” group and a terrorist organization. Some see Anonymous as a figure akin to Robin Hood, helping better the world by disrupting corrupt organizations across the globe. However, detractors see the group as a criminal vigilante doing its best Batman impression.
Despite their polarizing reputation, nobody can deny Anonymous’ success. This is due in large part to the decentralized nature of their organization, allowing them to remain nimble and off the grid. No large figures have been “unmasked” in their group, proving this tactic’s success. While the group actually has been responsible for 45% of all hacks in the last four years, the group has been relatively inactive over the past several months. This was until June 1st, when they targeted the U.S. government over their belief in the “corruption of its government and police force.”
While some may see Lizard Squad’s victims as juvenile compared to other big hitters in the community, nobody can deny their success against their targets of choice. Lizard Squad is a black hat hacking group that mainly targets gaming companies and websites. Common targets for the organization include the game League of Legends, video game juggernauts including both PlayStation and Xbox, Malaysian Airlines, and even the social media website Facebook (though Facebook denies this attack ever taking place). The sway towards gaming may have something to do with the group’s demographic: the group is made up primarily of teenagers and young adults. The group seems to go against the old adage that “wisdom comes with age,” as their success has come despite their general youth.
Lizard Squad was apparently disbanded in the year 2014, but despite this fact their attacks keep coming. However, their more centralized location and demographic have left them vulnerable to tracking, compromise, and arrest. In fact, a number of their members were arrested in the United States after the mass attack on both the PlayStation and Xbox online servers. Despite this vulnerability, Lizard Squad’s wealth of hacking success nabs them a spot on this list.
TAO, or Tailored Access Operations, is a cyber-warfare unit of the National Security Agency (NSA) for the United States. The most important aspect of TAO is the intelligence gathering they do for the U.S. government. The NSA described TAO’s primary purpose as “Computer Network Exploitation.” The TAO basically looks to obtain intelligence by infiltrating computer systems used by foreign entities. A lot of this organization’s details were leaked by NSA contractor Edward Snowden, including a document showing the group’s software templates that allow them to break into common hardware like routers, firewalls, and switches. TAO also apparently prefers to tap into networks as opposed to individual devices and isolated computers because doing so allows them to access a greater wealth of information from all of that network’s connected devices.
Basically, the U.S. government has employed its own set of elite hackers to both protect our information and assets and attack other countries to obtain their information. The advancement of cyber-warfare lands TAO on our list based on their importance to our country and the industry. However, these “good hackers” have done some bad for the industry, too. Some of the concepts pioneered by TAO have since been used in nefarious attacks in the form of credit card skimming attacks and USB-based malware. This duality shows the importance of the organization, because both good and bad guys can learn from the group. Good guys get supplied with hints and areas to investigate for detection and remediation, while bad guys get insight that could help cut the development cycle of future attacks.
Don’t let the cute animal name fool you … Fancy Bear does damage. The Fancy Bear group, also called “Sofacy” or “APT28,” is a Russian hacking group that is suspected to be working under the Russian government. This group tends to target foreign governments, embassies, media companies, defense organizations, and even the Olympic games. The group was formed in 2008 by hacking the Georgian government, and has been going strong in the field ever since. The group primarily uses phishing in its attacks, targeting individuals through email as part of advanced persistent threat campaigns that exploit zero-day vulnerabilities.
In addition to the attacks listed above, Fancy Bear was apparently responsible for the hack of the Democratic National Convention that happened prior to the 2016 U.S. presidential election. Elections seem to be their target of choice, as they’ve recently gone after elections with both the recent attack on the German parliament and their attempt to influence the election in France in 2017. These attacks all back the motives of Fancy Bear and the Russian government, which are primarily to weaken and intimidate those perceived as hostile to Russia’s influence. However, despite these large targets, the group’s members remain largely unknown. Don’t expect the group to go away any time soon, unless their identities are determined and arrests are made.
The Lazarus Group (also known as Guardians of Peace) is a group believed to be run and overseen by the North Korean government. This group has been very successful largely due to their specific malware attacks. Formed in 2009, the group is still active to this day. The organization had its first big-name compromise in 2014 when they hacked Sony Pictures to retaliate for the release of the movie “The Interview,” which spoofed Kim Jong Un and the North Korean government. The group is also responsible for the creation of WannaCry, a popular piece of ransomware that requires victims to pay to regain access to their data.
In addition to success against large companies, the Lazarus Group has also had a large amount of success in the land of cryptocurrency. So far they’ve managed to steal $471 million from different cryptocurrency exchanges. In addition, they almost managed to bankrupt the Japanese crypto exchange CoinCheck. This group’s nefarious activity has led to a lot of backlash from the community and from entire countries themselves. For example, the United States has placed sanctions on the group as a whole and frozen any financial assets that were previously tied to them.
While hacking groups are a dime a dozen in today’s world, these five groups stick out with their recognizability, “success” in hacking, and overall impact on the industry. Anonymous is an iconic and memorable group with a massive, lasting (and apparently ongoing?) career. Lizard Squad has had big hacks on some of the biggest names in the streaming and video game world (and even Taylor Swift’s Twitter, if that helps build their resume?). And TAO, Fancy Bear, and Lazarus Group are real-world examples of some of the most powerful countries in the world equipping themselves with an equally powerful hacking group to do their online dirty work.