Hacktivist attacks escalated in 2025, targeting critical infrastructure

Hacktivist activity significantly intensified in 2025, according to Cyble's 2025 Threat Landscape report, evolving beyond traditional cyberattacks to target critical infrastructure and employ ransomware, with further coverage provided by The Cyber Express.

Groups like Z-Pentest, Dark Engine, and Sector 16 increasingly targeted industrial control systems (ICS), operational technology (OT), and Human Machine Interface (HMI) environments. Supervisory Control and Data Acquisition (SCADA) interfaces and Virtual Network Computing (VNC) environments were frequently attacked, posing significant risks. Europe was a primary target region for pro-Russian hacktivist groups. The report also highlighted a growing alignment between hacktivist efforts and nation-state interests, with evidence of state-backed financing and direction for groups like NoName057(16) and Z-Pentest. Pro-Ukrainian hacktivists also engaged in data destruction and wiper attacks against Russian entities. Overall hacktivist sightings surged by 51% in 2025, with Asia and Europe seeing the most activity.

The evolution of hacktivism into a geopolitically charged threat focused on ICS and the weaponization of ransomware signals a need for enhanced cybersecurity measures across critical sectors. The increasing sophistication and state-aligned nature of these attacks suggest a continued rise in disruptive activities targeting energy, water, transportation, and healthcare in 2026.

Source: The Cyber Express