The word “hacker” often evokes the image of the classic hooded nerd sitting in front of a computer, intent on penetrating computer systems, undisturbed in the darkness of his bedroom. But the reality is much more complex, given that more and more hackers act not as lone wolves but in groups. Over the last 20 years, real collectives have developed that are organized and capable of complex operations on a global scale. These hacker groups have very different objectives: some aim for financial gain, others aim at sabotage or espionage, and others still try to highlight vulnerabilities to push companies and governments to protect themselves better. That is why they are classified into three main categories:
- Black Hat (black hats): they are cybercriminals oriented to theft or authority.
- White Hat (white hats): they are ethical hackers hired by companies and institutions to identify security flaws so they can be corrected before the “black hats” discover them.
- Gray Hat (gray hats): they infiltrate computer systems without authorization with the intention of discovering and reporting vulnerabilities, sometimes asking for compensation, rather than causing damage or seeking illegal gain.
In this study we will take a closer look at five Black Hat hacker groups that are among the most feared in recent years.
- Lazarus Group
- Tailored Access Operations
- Dragonfly
- Lockbit
- Anonymous
Lazarus Group
Lazarus Group was born in North Korea in 1998 as part of the Reconnaissance General Bureau, a North Korean military intelligence agency. The group became known to the general public with the attack on Sony Pictures in 2014, when internal e-mails, employees’ sensitive data, copies of films not yet released, future film plans and much more were published, causing an estimated $15 million in damage to the company. The most famous episode, however, remains the one involving a piece of ransomware (malware that blocks access to data until a ransom is paid) that became known as WannaCry. In 2017, this ransomware managed to infect over 200,000 computers around the world by exploiting a Windows vulnerability, causing about 4 billion dollars in damage.
Tailored Access Operations
In this ranking of hacker collectives we decided to also include TAO (Tailored Access Operations). It is not a criminal group: it is a unit of the NSA (National Security Agency), and we have included it in this top 5 because it is an interesting example of how the same techniques used by criminal groups can be applied by governments for strategic and national security reasons. TAO has been active since 1998 and is dedicated to collecting information from foreign governments through the infiltration of software and hardware. Its existence was made known by the documents revealed by Edward Snowden, a former NSA consultant. To achieve its purposes, TAO uses vulnerabilities in routers, firewalls and other network devices to penetrate critical systems.
Dragonfly
Dragonfly, also known by the names Crouching Yeti, Iron Liberty or Berserk Bear, is attributed to the FSB (Federal Security Service of the Russian Federation) and has been active since 2010. The group targets critical infrastructure, such as power plants and water distribution, and companies in the aviation and defense sector, using spear phishing (highly personalized phishing aimed at specific users) and attacks on third-party suppliers with lower security levels. Among the best-known cases are the attacks on Ukrainian electricity companies with the BlackEnergy malware, which caused blackouts affecting thousands of citizens. Dragonfly is a clear example of how hacking can be a real geopolitical weapon.
Lockbit
Lockbit, born in Russia in 2019, operates as RaaS (Ransomware-as-a-Service), a model in which a group provides ransomware, for a fee, to other cybercriminals so that they can carry out attacks. Among the best-known cases is the attack on the Corte Corbeil-Essonnes Hospital Center in Paris, which paralyzed vital medical systems until a ransom of $10 million was paid. Lockbit shows how modern cybercrime uses structured, global business models.
Anonymous
Anonymous is probably the only collective you have heard of at least once, since it is particularly famous. Its peculiarity lies in the fact that it is not a group like those already mentioned: it is rather a collective of activist hackers (the group calls itself hacktivist) without a leadership. Born in 2004, it made its first public appearance in 2008 with operations against the Church of Scientology, continued with attacks against the Ku Klux Klan, ISIS and child pornography, up to the latest actions against Russia over the war in Ukraine. The motto «We are Anonymous. We are Legion. United as one, divided by zero. We do not forgive. We do not forget. Expect us!» reflects the ideological mission of the group, which brings together hackers from all over the world in operations that are coordinated although not guided by a well-defined hierarchy.









