March 2026 Dark Web Threat Actor Trends Report

Alerts


  • This report is a compilation of trends centered on hacktivists operating on the deep web and dark web.
  • Some alleged attacks are labeled as observations due to limited independent technical verification.

Major Issues


  • Handala’s multi-pronged offensive stood out. The group used a combination of psychological warfare and subversive attacks, including a claimed FBI-linked domain attack, a DDoS attack on Lockheed Martin’s Israeli office, a claimed wiper targeting U.S. medical device maker Stryker, and the release of a map of Jordan’s fuel and power infrastructure.
  • RipperSec, BD Anonymous, Hider_Nex, and others continued repeated DDoS attacks against South Korean research, defense, financial, and public institutions.
  • DieNet’s “Operation Zulfiqar” escalated attacks on government, military, and infrastructure targets across the Middle East.
  • Telegram-based hacktivist organizing exploded, and tactical coordination between pro-Iranian and pro-Russian groups was observed.
  • Reported law enforcement achievements included the guilty plea of a Phobos operator, the jailing of a Yanluowang IAB operator, the dismantling of the SocksEscort infrastructure, and the arrest of a LeakBase operator.
  • The prosecution of DigitalMint negotiators for conspiracy highlighted the insider threat in the ransomware landscape.

Conclusion


  • Geopolitical and military actions have triggered cyber retaliation, resulting in an increase in high-risk threats such as DDoS, wiper, and ICS targeting.
  • Law enforcement achievements such as domain seizures and arrests have been confirmed, but threat actors have quickly rebuilt their infrastructures, and persistent threats remain.
  • Multi-layered security, monitoring, and insider threat response are needed, considering the possibility of destructive attacks on core infrastructure and the spread of organized attacks through platforms such as Telegram.