List of hacker groups

Last updated January 26, 2025

This is a partial list of notable hacker groups, in alphabetical order:

Anonymous, originating in 2003, Anonymous was created as a group for people who fought for the right to privacy.
Anonymous Sudan, founded in 2023, a hacktivist group that claims to act against anti-Muslim activities, but allegedly is Russian backed and neither linked to Sudan nor Anonymous.
Bangladesh Black Hat Hackers, founded in 2012.
Chaos Computer Club (CCC), founded in 1981, it is Europe's largest association of hackers with 7,700 registered members.
Conti one of the most prolific ransomware groups of 2021, according to the FBI.^[1]
Cozy Bear, a Russian hacker group believed to be associated with one or more intelligence agencies of Russia.
Croatian Revolution Hackers, a now-defunct group of Croatian hackers credited with one of the largest attacks to have occurred in the Balkans.
Cult of the Dead Cow, also known as cDc or cDc Communications, is a computer hacker and DIY media organization founded in 1984 in Lubbock, Texas.
Cyber Partisans, a Belarusian hacktivist group that emerged in 2020, that performed attacks on the Belarusian government and governmental agencies.
DarkSide, a cybercriminal hacking group, believed to be based in Eastern Europe, that targets victims using ransomware and extortion.
DCLeaks, claims to be a group of "American hacktivists (though indicted individuals were found to be in Russia) who respect and appreciate freedom of speech, human rights and government of the people."
Decocidio is an anonymous, autonomous collective of hacktivists who are part of Earth First!, a radical environmental protest organization, and adheres to Climate Justice Action.
Derp, a hacker group that attacked several game sites in late 2013.
Digital DawgPound (DDP) The DDP was founded and named by StankDawg.
Equation Group, suspected to be the offensive operations wing of the U.S. National Security Agency.
Fancy Bear, a Russian cyberespionage group.
Genocide2600, a group that gained notoriety for combating child pornography. Disbanded in 2009.
Ghost Squad Hackers, or by the abbreviation "GSH" is a politically motivated hacking team established in 2015.
Global kOS was a grey hat (leaning black hat) computer hacker group active from 1996 through 2000.
globalHell was a group of hackers, composed of about 60 individuals. The group disbanded in 1999 when 12 members were prosecuted for computer intrusion and 30 for lesser offenses.
Goatse Security (GoatSec) is a loose-knit, nine-person grey hat hacker group that specializes in uncovering security flaws.
Hackweiser is an underground hacking group and hacking magazine founded in 1999.
Hafnium Possibly with Chinese associations, responsible for the 2021 Microsoft Exchange Server data breach.
Hive was a notorious ransomware as a service (RaaS) criminal organization that targeted mainly public institutions.^[2]
Honker Union is a group known for hacktivism, mainly present in Mainland China, whose members launched a series of attacks on websites in the United States, mostly government-related sites.
Indian Cyber Force is a hacktivist group that targets entities perceived to be against Indian interests. Notable incidents include cyberattacks against Canada^[3], Maldives^[4], Palestine^[5]^[6], Pakistan^[7].
International Subversives was a group of three hackers including Julian Assange under the name Mendax,^[8]^[9]^[10]^[11]^[12] supposedly taken from Horace's splendide mendax (nobly lying)^[13]^[14]^[15]^[16] and two others, known as "Trax" and "Prime Suspect" who regularly hacked into corporations like Nortel and systems belonging to a "who's who of the U.S. military-industrial complex".^[8]^[13]^[17]
Iranian Cyber Army unofficially confirmed to be connected to government.
Islamic State Hacking Division, a Jihadist hacking group associated with the Islamic State.
IT Army of Ukraine is a volunteer cyberwarfare organisation created amidst the 2022 Russian invasion of Ukraine.
Killnet is a pro-Russian group that attacked several countries' government institutions and attempted to DDoS the 2022 Eurovision Song Contest website.^[18]
L0pht, was a hacker collective active between 1992 and 2000 and located in the Boston, Massachusetts area.
Lapsus$, a black-hat hacker group known for using extortion tactics. active since late 2021, allegedly dumping data from Microsoft, Samsung and Nvidia, and with members arrested in March 2022.
Lazarus Group, with strong links to the North Korean government, involved in the Sony Pictures hack, the Bangladesh Bank robbery and the WannaCry ransomware attack.
Legion of Doom; LOD was a hacker group active in the early 80s and mid-90s. Had noted rivalry with Masters of Deception (MOD).
Legion Hacktivist Group, a hacking group that hijacked the Indian Yahoo server and hacked online news portals of India.
Level Seven was a hacking group during the mid to late 1990s. Eventually dispersing in early 2000 when their nominal leader "vent" was raided by the FBI on February 25, 2000.
Lizard Squad, known for their claims of distributed denial-of-service (DDoS) attacks^[19] primarily to disrupt gaming-related services. Currently broken up.
Lords of Dharmaraja, an India based security hacking group which threatened in 2012 to release the source code of Symantec's product Norton Antivirus.
LulzSec, a group of hackers originating and disbanding in 2011 that claimed to hack "for the lulz".
Masters of Deception, MOD's initial membership grew from meetings on Loop-Around Test Lines in the early- to mid-1980s. Had noted rivalry with Legion of Doom (LOD).
milw0rm is a group of "hacktivists" best known for penetrating the computers of the Bhabha Atomic Research Centre (BARC) in Mumbai.
NCPH is a Chinese hacker group based out of Zigong in Sichuan Province.
Noisebridge, a hackerspace located in San Francisco which goes by the early definition of hacking and not security hacking.
Noname057(16) a Russian speaking hacker group, attacks aligned with Russia's invasion in Ukraine
OurMine, a hacker group of unknown origin that has compromised various websites and Twitter accounts as a way of advertising their "professional services".
P.H.I.R.M., an early hacking group that was founded in the early 1980s.
Phone Losers of America, an internet prank call community founded in 1994 as a phone phreaking and hacking group.
Play, a ransomware extortion group, experts believe them to be from Russia.
Powerful Greek Army, is a Greek group of black-hat computer hackers founded in 2016.
RedHack is a socialist hacker group based in Turkey, founded in 1997. They usually launch attacks against the Turkish government's websites and leak secret documents of the Turkish government.
Rhysida group behind the 2023 British Library cyberattack and the Insomniac games dump using ransomware-as-a-service.
Rocket Kitten or the Rocket Kitten Group is a hacker group thought to be linked to the Iranian government. Formed in 2010 by the hacker personas "Cair3x" and "HUrr!c4nE!".
Sandworm, also known as Unit 74455, a Russian cyber military unit of the GRU.
The Shadow Brokers (TSB), originating in summer 2016. They published several leaks containing hacking tools, including several zero-day exploits of the National Security Agency (NSA).
ShinyHunters is a Hacker Group that is said to be responsible for numerous data breaches in 2020 and 2021.
TeaMp0isoN is a group of black-hat computer hackers established in mid-2009.
Telecomix, a hacktivist group mainly known for circumventing internet censorship during multiple political events.
TeslaTeam is a group of black-hat computer hackers from Serbia established in 2010.
TESO was a hacker group originating in Austria that was active primarily from 1998 to 2004.
The Unknowns is a group of white-hat hackers that exploited many high-profiled websites and became very active in 2012 when the group was founded and disbanded.
Turla one of the most sophisticated groups supporting the Russian government.
UGNazi, a hacking group led by JoshTheGod, was founded in 2011. They are best known for several attacks on US government sites,^[20] leaking WHMC's database,^[21] DDoS attacks, and exposing personal information of celebrities and other high-profile figures on exposed.su.
Vice Society, a Russian-speaking hacker group known for attacks on healthcare and education organizations
Wizard Spider Russian / Ukrainian hacker group, suspected of being behind the Ireland Health Service Executive cyberattack, sometimes called Trickbot per the malware.
Yemen Cyber Army, a pro-Yemeni hacker group that has claimed responsibility for the defacement of the London-based pro-Saudi Al-Hayat website in April 2015, as well as the exfiltration of data from the Saudi Arabia's Ministry of Foreign Affairs in May subsequently listed on WikiLeaks.
YIPL/TAP - Youth International Party Line or Technological Assistance Program, was an early phone phreak organization and publication created in the 1970s by activists Abbie Hoffman.
Xbox Underground, an international group responsible for hacking game developers, including Microsoft.
UNC1151, believed to be based in Belarus.

Related Research Articles

Hacktivism, is the use of computer-based techniques such as hacking as a form of civil disobedience to promote a political agenda or social change. A form of Internet activism with roots in hacker culture and hacker ethics, its ends are often related to free speech, human rights, or freedom of information movements.

Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, the loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation. Emerging alongside the development of information technology, cyberterrorism involves acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet by means of tools such as computer viruses, computer worms, phishing, malicious software, hardware methods, and programming scripts can all be forms of internet terrorism. Some authors opt for a very narrow definition of cyberterrorism, relating to deployment by known terrorist organizations of disruption attacks against information systems for the primary purpose of creating alarm, panic, or physical disruption. Other authors prefer a broader definition, which includes cybercrime. Participating in a cyberattack affects the terror threat perception, even if it isn't done with a violent approach. By some definitions, it might be difficult to distinguish which instances of online activities are cyberterrorism or cybercrime.

The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.

<span class="mw-page-title-main">Jeremy Hammond</span> American political activist and hacker

Jeremy Alexander Hammond, also known by his online moniker sup_g, is an American anarchist activist and former computer hacker from Chicago. He founded the computer security training website HackThisSite in 2003. He was first imprisoned over the Protest Warrior hack in 2005 and was later convicted of computer fraud in 2013 for hacking the private intelligence firm Stratfor and releasing data to WikiLeaks, and sentenced to 10 years in prison.

Anonymous is a decentralized international activist and hacktivist collective and movement primarily known for its various cyberattacks against several governments, government institutions and government agencies, corporations and the Church of Scientology.

Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov, some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."

Operation Payback was a coordinated, decentralized group of attacks on high-profile opponents of Internet piracy by Internet activists using the "Anonymous" moniker. Operation Payback started as retaliation to distributed denial of service (DDoS) attacks on torrent sites; piracy proponents then decided to launch DDoS attacks on piracy opponents. The initial reaction snowballed into a wave of attacks on major pro-copyright and anti-piracy organizations, law firms, and individuals. The Motion Picture Association of America, the Pirate Party UK and United States Pirate Party criticised the attacks.

The Jester is a self-identified grey hat hacktivist. He claims to be responsible for attacks on WikiLeaks and Islamist websites. He claims to be acting out of American patriotism.

Anonymous is a decentralised virtual community. They are commonly referred to as an internet-based collective of hacktivists whose goals, like its organization, are decentralized. Anonymous seeks mass awareness and revolution against what the organization perceives as corrupt entities, while attempting to maintain anonymity. Anonymous has had a hacktivist impact. This is a timeline of activities reported to be carried out by the group.

Cyberweapons are commonly defined as malware agents employed for military, paramilitary, or intelligence objectives as part of a cyberattack. This includes computer viruses, trojans, spyware, and worms that can introduce malicious code into existing software, causing a computer to perform actions or processes unintended by its operator.

Christopher Weatherhead, also known by his alias Nerdo, is an activist, hacker and technologist. Weatherhead was jailed for his involvement in several cyberattacks by hacker collective Anonymous.

The Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the group, researchers have attributed many cyberattacks to them since 2010.

On October 21, 2016, three consecutive distributed denial-of-service attacks were launched against the Domain Name System (DNS) provider Dyn. The attack caused major Internet platforms and services to be unavailable to large swathes of users in Europe and North America. The groups Anonymous and New World Hackers claimed responsibility for the attack, but scant evidence was provided.

The IT Army of Ukraine is a volunteer cyberwarfare organisation created at the end of February 2022 to fight against digital intrusion of Ukrainian information and cyberspace after the beginning of the Russian invasion of Ukraine on February 24, 2022. The group also conducts offensive cyberwarfare operations, and Chief of Head of State Special Communications Service of Ukraine Victor Zhora said its enlisted hackers would only attack military targets.

Anonymous, a decentralized international activist and hacktivist collective, has conducted numerous cyber-operations against Russia since February 2022 when the Russian invasion of Ukraine began.

Killnet is a pro-Russia hacker group known for its DoS and DDoS attacks towards government institutions and private companies in several countries during the 2022 Russian invasion of Ukraine. The group is thought to have been formed sometime around March 2022.

<span class="mw-page-title-main">Anonymous Sudan</span> Hacker group active since 2023

Anonymous Sudan is a criminal hacker group that has been active since mid-January 2023. They are alleged to have committed over 35,000 distributed denial-of-service (DDoS) attacks against entire small countries, government agencies, universities, newspapers, hospitals and LGBT sites. While they claim to be doing it for pro-Palestinian ideological reasons, they have attempted to extort money from victims.

SiegedSec, short for Sieged Security and commonly self-described as the "Gay Furry Hackers", was a black-hat criminal hacktivist group, that was formed in early 2022, that committed a number of high profile cyber attacks, including attacks on NATO, Idaho National Laboratory, and Real America's Voice. On July 10, 2024, after attacking The Heritage Foundation, the group announced that they would be disbanding in an effort to avoid closer scrutiny.

References

↑ Pitrelli, Monica (2022-04-14). "Leaked documents show notorious ransomware group has an HR department, performance reviews and an 'employee of the month'". CNBC. Retrieved 2023-06-25.
↑ Lowell, Hugo (2023-01-26). "US authorities seize servers for Hive ransomware group". The Guardian. ISSN 0261-3077 . Retrieved 2023-06-25.
↑ Robertson, Dylan (28 September 2023). "Cyberattacks hit military, Parliament websites as India-based group targets Canada". cbc.ca. Archived from the original on 29 November 2024.
↑ "Maldives' Home Ministry website hacked over 'anti-India actions': Report". Business Today. 2024-02-25. Retrieved 2025-01-25.
↑ Newman, Lily Hay. "Activist Hackers Are Racing Into the Israel-Hamas War—for Both Sides". Wired. ISSN 1059-1028 . Retrieved 2025-01-25.
↑ Team, DNA Web. "Israel-Palestine conflict: How Indian hackers sunk their cyber fangs into Hamas, Palestinian national bank". DNA India. Retrieved 2025-01-25.
↑ "Hacking Alert: Indian Hackers Claim to Crack Pakistani Police CCTV – Exclusive Inside Look!". Times Now. 2023-11-15. Archived from the original on 24 January 2025. Retrieved 2025-01-25.
1 2 Khatchadourian, Raffi (7 June 2010). "No secrets: Julian Assange's mission for total transparency". The New Yorker . Retrieved 16 March 2014.
↑ "The Man Behind Wikileaks: A Julian Assange Cheat Sheet". Vanity Fair. 2010-07-26. Retrieved 2022-10-13.
↑ Greenberg, Andy. "Breaking Down the Hacking Case Against Julian Assange". Wired. ISSN 1059-1028 . Retrieved 2022-10-13.
↑ "Julian Assange: the teen hacker who became insurgent in information war". the Guardian. 2011-01-30. Retrieved 2022-10-13.
↑ "The most shocking revelations to come from WikiLeaks". au.news.yahoo.com. 3 October 2021. Retrieved 2023-02-21.
1 2 Dreyfus, Suelette (1997). Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier. Mandarin. ISBN 1-86330-595-5.
↑ Bustillos, Maria (17 June 2013). "He Told You So: Julian Assange, the NSA, and Edward Snowden". Pacific Standard . Retrieved 16 September 2021. Assange's youthful hacker name was Mendax ('lying'), allegedly from Horace's phrase 'splendide mendax,' or 'nobly lying'.
↑ Harrell, Eben (2010-07-26). "Mystery Hacker: Who Is WikiLeaks Founder Julian Assange?". Time. ISSN 0040-781X . Retrieved 2023-02-13.
↑ Assange, Julian (2011-09-21). "Julian Assange: 'I am – like all hackers – a little bit autistic'". The Independent. Retrieved 2023-02-13.
↑ "Julian Assange: The man who exposed the world". Macleans.
↑ "Russian hackers declare war on 10 countries after failed Eurovision DDoS attack". techcentral.ie. 2022-05-16. Retrieved 2022-05-22.
↑ "How A Hacker Gang Saved Christmas For Video Game Players Everywhere". Business Insider. Retrieved 25 December 2014.
↑ "Manhattan U.S. Attorney and FBI Assistant Director in Charge Announce 24 Arrests in Eight Countries as Part of International Cyber Crime Takedown". fbi.gov. June 26, 2012. Retrieved 11 September 2018.
↑ Greenberg, Andy (May 22, 2012). "Hackers Impersonate Web Billing Firm's Staff To Spill 500,000 Users' Passwords And Credit Cards". Forbes. Retrieved 11 September 2018.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Pitrelli, Monica (2022-04-14). "Leaked documents show notorious ransomware group has an HR department, performance reviews and an 'employee of the month'". CNBC. Retrieved 2023-06-25.

[2] Lowell, Hugo (2023-01-26). "US authorities seize servers for Hive ransomware group". The Guardian. ISSN 0261-3077 . Retrieved 2023-06-25.

[3] Robertson, Dylan (28 September 2023). "Cyberattacks hit military, Parliament websites as India-based group targets Canada". cbc.ca. Archived from the original on 29 November 2024.

[4] "Maldives' Home Ministry website hacked over 'anti-India actions': Report". Business Today. 2024-02-25. Retrieved 2025-01-25.

[5] Newman, Lily Hay. "Activist Hackers Are Racing Into the Israel-Hamas War—for Both Sides". Wired. ISSN 1059-1028 . Retrieved 2025-01-25.

[6] Team, DNA Web. "Israel-Palestine conflict: How Indian hackers sunk their cyber fangs into Hamas, Palestinian national bank". DNA India. Retrieved 2025-01-25.

[7] "Hacking Alert: Indian Hackers Claim to Crack Pakistani Police CCTV – Exclusive Inside Look!". Times Now. 2023-11-15. Archived from the original on 24 January 2025. Retrieved 2025-01-25.

[Khatchadourian-8] 1 2 Khatchadourian, Raffi (7 June 2010). "No secrets: Julian Assange's mission for total transparency". The New Yorker . Retrieved 16 March 2014.

[:2-9] "The Man Behind Wikileaks: A Julian Assange Cheat Sheet". Vanity Fair. 2010-07-26. Retrieved 2022-10-13.

[:6-10] Greenberg, Andy. "Breaking Down the Hacking Case Against Julian Assange". Wired. ISSN 1059-1028 . Retrieved 2022-10-13.

[:7-11] "Julian Assange: the teen hacker who became insurgent in information war". the Guardian. 2011-01-30. Retrieved 2022-10-13.

[:31-12] "The most shocking revelations to come from WikiLeaks". au.news.yahoo.com. 3 October 2021. Retrieved 2023-02-21.

[Underground-13] 1 2 Dreyfus, Suelette (1997). Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier. Mandarin. ISBN 1-86330-595-5.

[14] Bustillos, Maria (17 June 2013). "He Told You So: Julian Assange, the NSA, and Edward Snowden". Pacific Standard . Retrieved 16 September 2021. Assange's youthful hacker name was Mendax ('lying'), allegedly from Horace's phrase 'splendide mendax,' or 'nobly lying'.

[:20-15] Harrell, Eben (2010-07-26). "Mystery Hacker: Who Is WikiLeaks Founder Julian Assange?". Time. ISSN 0040-781X . Retrieved 2023-02-13.

[:21-16] Assange, Julian (2011-09-21). "Julian Assange: 'I am – like all hackers – a little bit autistic'". The Independent. Retrieved 2023-02-13.

[17] "Julian Assange: The man who exposed the world". Macleans.

[18] "Russian hackers declare war on 10 countries after failed Eurovision DDoS attack". techcentral.ie. 2022-05-16. Retrieved 2022-05-22.

[19] "How A Hacker Gang Saved Christmas For Video Game Players Everywhere". Business Insider. Retrieved 25 December 2014.

[20] "Manhattan U.S. Attorney and FBI Assistant Director in Charge Announce 24 Arrests in Eight Countries as Part of International Cyber Crime Takedown". fbi.gov. June 26, 2012. Retrieved 11 September 2018.

[21] Greenberg, Andy (May 22, 2012). "Hackers Impersonate Web Billing Firm's Staff To Spill 500,000 Users' Passwords And Credit Cards". Forbes. Retrieved 11 September 2018.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]

[21]

List of hacker groups

See also

Related Research Articles

References