Global Hacktivist Threats
This report contains selected insights from Graphika’s intelligence reporting on hacktivist actors and adjacent communities from February and March 2025.
This report contains selected insights from Graphika’s intelligence reporting on hacktivist actors and adjacent communities from February and March 2025. Graphika subscribers can access a full set of insights, as well as accompanying data and signals. Below is a summary of our key findings.
- Dark Storm Team, which claimed responsibility for a global X outage allegedly caused by cyberattacks on March 10, is a self-described pro-Palestine and anti-NATO hacktivist group that first emerged in 2023. The group regularly claims to conduct distributed denial of service (DDoS) attacks on targets that align with its declared political agenda, such as the websites of hospitals and transportation infrastructure in Israel and allied countries. The group has also cooperated with pro-Russia hacktivist groups in attack campaigns against Western countries.
- Illustrating a key feature of the current hacktivist ecosystem, Dark Storm is very likely motivated by financial gain as well as politics. The group often uses claims of cyberattacks on high-profile targets to advertise its DDoS-for-hire services and attempt to monetize mainstream social media attention. After Dark Storm’s unverified claims of responsibility for the X outage, the group launched its DARKSTORM Solana cryptocurrency coin.
- We’ve previously observed Dark Storm overstating the impact and significance of its claimed attacks. In this case, other hacktivist groups highlighted that a screenshot of website monitoring tool Check-Host – which Dark Storm posted as evidence of its claimed attack on X – showed targeting of a single X account, not the platform itself. In February, we also observed Dark Storm mischaracterizing targets in what the group called a series of disruptive cyberattacks on international airports and the U.S. healthcare system.
- Dark Storm and other hacktivist groups will almost certainly continue attacking high-profile commercial and government targets to gain online and mainstream media attention for their political agendas. Some will almost certainly additionally seek to exploit public attention for financial gain, such as by advertising commercial hacking services, selling cryptocurrencies and other online products, or soliciting donations.
Graphika is the most trusted provider of actionable open-source intelligence to help organizations stay ahead of emerging online events and make decisions on how to navigate them. Led by prominent innovators and technologists in the field of online discourse analysis, Graphika supports global enterprises and public sector customers across trust & safety, cyber threat intelligence, and strategic communications, spanning industries including intelligence, technology, media and entertainment, and global banking.
Download the complete PDF
The full report includes the complete network graph maps, raw attribution indicators, cross-platform topology analysis, and the full takedown timeline with platform-level data.
- Full network graph visualizations
- Attribution indicators with confidence scores
- Raw behavioral modeling data
- Takedown coordination timeline
Related Reports
Keeping Up With The Hacktivists
Examining How International Hacktivist Groups Pursue Attention, Select Targets, and Interact in an Evolving Online Landscape
Read the Report
Deepfake It Till You Make It
Pro-Chinese Actors Promote AI-Generated Video Footage of Fictitious People in Online Influence Operation
Read the Report
Unheard Voice
Evaluating Five Years of Pro-Western Covert Influence Operations
Read the ReportSee How Graphika Can Help Your Team Act on This Intelligence
This report is one of 600+ investigations Graphika’s team has published. Our platform gives your analysts continuous access to the same intelligence — plus the tools to apply it to your specific threat environment.