Noname057(16) Behind 90% of State-Aligned Cyberattacks in 2024

RSA Conference — Forescout Technologies Inc., a global cybersecurity leader, today released a new report, “The Rise of State-Sponsored Hacktivism,” analyzing the escalation of hacktivist attacks in 2024 and providing predictions for 2025. The report reveals that four state-aligned hacktivist groups operating on opposing sides of the Russia-Ukraine and Israel-Palestine conflicts — BlackJack, Handala Group, Indian Cyber Force, and NoName057(16) — claimed responsibility for 780 attacks in 2024 alone. Many of these targeted critical infrastructure sectors such as government services, transportation systems, and financial institutions.

Modern hacktivism expanded from hacking for ideological causes to aiding warfare. Today’s hacktivists frequently target adversarial critical infrastructure to advance the strategic objectives of nation-states. This transformation has blurred the lines between traditional hacktivism and state-sponsored cyber operations, making it increasingly difficult to distinguish between independent activists and proxy actors working on behalf of governments.

"Nation-state conflicts have given rise to a new kind of threat: hacktivist proxies launching damaging cyberattacks," said Barry Mainz, CEO of Forescout. "This isn’t a future risk — it’s already happening, and we’re seeing escalating attacks on critical infrastructure and commercial networks worldwide. As geopolitical tensions rise, organizations must act now to close every gap and take control of their attack surface before it’s used against them."

Most Active Hacktivist Group was NoName057(16)

NoName057(16), a Russian-aligned group, was by far the most active group, accounting for 90% of attacks analyzed, primarily through large-scale DDoS campaigns targeting the websites of organizations in Ukraine and countries that support Ukraine. BlackJack (1%), Handala Group (8%), and the Indian Cyber Force (1%) accounted for the remaining attacks.

Hacktivists Attacks Spanned 40 Countries; Ukraine Was Most Targeted

• Ukraine (141 attacks), Israel (80), and Spain (64) were the most frequently targeted countries
• 82% of attacks targeted Europe, while 18% targeted Asia including the Middle East
• Less than 1% of attacks impacted organizations in the Americas

Critical Infrastructure Remains Prime Target

• 44 attacks targeted government entities, including military services
• 21% of attacks focused on the transportation and logistics sector, with key targets including ports, airports, roads, railways, and urban transportation systems
• 13% disrupted financial services, including banks, payment systems, and other financial infrastructure

“Criminal hacktivist groups will continue to escalate disruptive cyberattacks, particularly against countries involved in conflict or those supporting their adversaries,” said Daniel dos Santos, Head of Research at Forescout Research – Vedere Labs. “We expect them to prioritize industries that impact daily life, such as government services and financial institutions. While DDoS and data theft remain common, OT and IoT vulnerabilities will be increasingly exploited to cause deeper operational disruptions. It’s more important now than ever to harden defenses and improve visibility across IT and OT environments.”

For more information, review the review the full research report, blog and join the webinar.

About Forescout

For more than 20 years, Fortune 100 organizations, government agencies, and large enterprises have trusted Forescout as their foundation to manage cyber risk, ensure compliance, and mitigate threats. The Forescout 4D Platform™ delivers comprehensive asset intelligence, continuous assessment, and ongoing control over all managed and unmanaged, agented and un-agentable assets across IT, OT, IoT, and IoMT environments. Forescout’s open platform makes every cybersecurity investment more effective with seamless data integrations and automated workflow orchestration across more than 100 security and IT products.

Forescout Research – Vedere Labs is the industry leader in device intelligence, curating unique and proprietary threat intelligence that powers Forescout’s platform.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250429326220/en/

"This isn’t a future risk – it’s already happening, and we’re seeing escalating attacks on critical infrastructure and commercial networks worldwide," said Barry Mainz, CEO of Forescout.