"There are also unique cases. For example,

tanjimajuha20 · Post by **tanjimajuha20** » Sun Jan 19, 2025 8:05 am

hacktivists prefer to rely on tools available on the Internet and Living on the Land - that is, rely on legitimate software in the operating system. He noted that in 2024, the number of hacktivist attacks on Russia and the Republic of Belarus remains high, but their "style" has changed. If in 2022, attackers preferred to "DDoS" victims, now the number of targeted attacks has increased.

the Shedding Zmiy hong kong telegram group we are monitoring is actively developing its own malware and using techniques that allow it to be as stealthy as possible. However, at the final stages of an attack, when the data has been obtained or the attack has not gone according to plan, they have a destructive impact on the infrastructure. They publicly cover their actions in Telegram channels," said Gennady Sazonov.

Ruslan Amirov, Head of Jet CSIRT Expert Monitoring and Response Services at Jet Infosystems JSC, spoke about the use of legitimate software by attackers in terms of information security tools. According to him, the company's experts encountered attackers who used AnyDesk software during incident investigations in 2024. He noted that the activity of open source software DiskCryptor increased at the end of 2024.

"In general, attackers have increasingly begun to use absolutely legitimate tools in attacks from the point of view of information security systems to reduce the likelihood of detecting their activity. Thus, the used combination of DiskCryptor, MeshAgent, PsExec will not arouse suspicion in the installed antivirus, except that detection with a formulation like *not-a-virus* is possible. In addition, such an attack can be implemented using other legitimate tools: for example, the ShrinkLocker encryptor uses Bitlocker built into Windows," said Ruslan Amirov.

Development Manager of UserGate LLC Alexander Lugansky noted that the tools of hackers who carry out targeted attacks have not changed: they try to use software that is difficult to detect and as similar as possible to legitimate software both in name and functionality. According to him, this allows them to achieve their goals and gain access to information and control over devices.

"The goal of hacktivists' activities, as a rule, is to gain public resonance. These can be attacks on information resources of the media, government agencies working with the population, IT systems of retail chains. Such attacks rarely cause serious damage to the infrastructure, and its functionality is restored fairly quickly. The organizers of ART attacks often play the long game. Their goal is to remain unnoticed on the network for as long as possible, constantly expanding their opportunities for access to the necessary information and hidden influence on the internal processes of the organization," he concluded.