The cybercrime scene has seen a dramatic change since the start of the Russia-Ukraine war in 2022, as pro-Russian and pro-Ukrainian hacktivists have intensified their online conflicts.
The increase in hacktivist-driven distributed denial-of-service (DDoS) attacks, website defacements, and data breaches has mirrored real-world geopolitical turmoil.
With the recent changes in U.S. foreign policy particularly questions regarding American military support to Ukraine following President Donald Trump’s inauguration in January 2025 Europe has responded by increasing its own defense spending and reinforcing sanctions against Russia.
This recalibration has not only influenced state policy but also galvanized pro-Russian hacktivist groups targeting perceived adversaries across the continent.
Group Dynamics
The impact of these political developments is exemplified by events such as Lithuania’s strong statements against Russia and calls for heightened Ukrainian aid, which triggered the launch of #OpLithuania in May 2025.
Seven pro-Russian hacktivist groups including Dark Storm Team, Mr Hamza, NoName057(16), Russian Bears, ServerKillers, and Z-PENTEST ALLIANCE coordinated DDoS and cyber-espionage campaigns against Lithuanian financial and governmental sectors.
Such attacks were not isolated, as similar actions targeted entities in Poland during its June presidential election, aiming to sow propaganda and respond to Poland’s enhanced military readiness.
The digital battlefield has also extended beyond Europe, as seen during Israel’s full-scale military operation against Iran in June 2025, and subsequent U.S. airstrikes on Iranian nuclear facilities.
In retaliation, pro-Iranian and other Middle Eastern hacktivists coordinated with pro-Russian groups, notably TwoNet and ServerKillers, to conduct attacks on Israeli infrastructure, further entangling regional conflicts with cyber operations.
Within this complex threat landscape, NoName057(16) has emerged as a leading pro-Russian hacktivist entity, succeeding groups like KillNet whose activities waned as they shifted toward financially motivated cybercrime.
NoName057(16) maintains a steady tempo of operations, leveraging their DDoSia project to crowdsource attacks primarily against NATO states and Ukrainian supporters, often incentivizing volunteers with cryptocurrency rewards.
%20group.webp)
The group selectively triggers attacks in response to current military or political events, maximizing impact and rallying collaborative efforts from ideologically aligned actors.
Recent investigative efforts by intelligence organizations and cybersecurity firms have raised questions about the extent of Russian state direction or funding of these groups.
While U.S. Treasury sanctions in July 2024 targeted leadership within the Cyber Army of Russia Reborn (CARR), links to state security agencies remain circumstantial, although forensics firm Mandiant has identified operational overlaps with Russia’s GRU-attributed Sandworm (APT44) unit.
Ukrainian research outlets have published personal data of group members allegedly connected to Russian state structures, but these claims remain unconfirmed by Western intelligence sources.
Rising Threats from New Entrants
According to Intel47 Report, In 2025, new pro-Russian hacktivist organizations have surfaced with distinct operational tactics.
The IT Army of Russia, founded in late March, has conducted DDoS attacks and data theft operations against Ukrainian digital infrastructure, often targeting small businesses and seeking insider recruitment via Telegram bots.
Another group, TwoNet, specializing in DDoS attacks across Europe especially in Spain, Ukraine, and the UK leverages tools such as MegaMedusa Machine, often collaborating with other pro-Russian actors and sector-specific groups.
The continued evolution and coordination of these pro-Russian hacktivist collectives underscore the increasing integration of cyber operations into traditional geopolitical conflicts.
As Europe responds with greater military commitments, and as alliances form and dissolve within the hacktivist ecosystem, the cyber threat landscape is set to remain highly dynamic and deeply entwined with broader geopolitical developments.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates
