The Big 5: Most Notorious Hacker Groups


Although the term “The Big 5” refers to the five largest accounting firms in the world, or even to the five main personality traits, we believe it can be borrowed for the cyber security world as well.

The top 5 notorious hacker groups in the world have become household names, and not only among cyber geeks and law enforcement agencies.

So meet our Big Five, the hacker groups that made global headlines and entered the world’s collective consciousness.

1) Anonymous

The infamous hacker group Anonymous has been operating in the shadows of the cyber world for two decades, wreaking havoc and making global headlines by hacking into the biggest companies and the most powerful governments.

Anonymous first appeared in 2004, on the 4chan message board that had been established a year earlier. In the early days of the forum, many users would flood game chat rooms and other forums with what they called “Raids”. The traffic congestion was causing these chat rooms to shut down due to overload.

The main philosophy of the hacker group Anonymous is opposition to governments and private organizations that, in the view of the group’s members, work to promote inequality and censorship.

Their real publicity came in 2008 after they attacked the Scientology Church. Operation “Chanology” is the name given to a series of attacks on the famous church in January 2008. These attacks included the shutdown of church websites by DDoS and a barrage of phone calls and faxes designed to use up all of the church’s ink. Although it might sound unimpressive and even a bit low-tech, in 2008 fax was still one of the main means of communication, and the attack cost the church not only its reputation but also a considerable amount of money.

Video: released by Anonymous after the attack on the church.

After Operation “Chanology”, the group managed to attack high-profile organizations every year, sometimes several times, and make headlines. In 2010, for example, Anonymous announced full support for WikiLeaks and started DDoS attacks on Mastercard, Visa, PayPal, Amazon and SWISS Bank in response to actions seen as anti-WikiLeaks, such as halting donations to the site. After the founder of the site was arrested in London, Anonymous disabled the website of the Swiss Ministry of Justice because they demanded that England hand over the detainee. The website of the Zimbabwean government was also shut down because they censored the site.

For the group’s full history of attacks, continue to our full article about the history of Anonymous.

2) Lizard Squad

Lizard Squad was a notorious hacker group that claimed responsibility for some of the largest hacks and DDoS attacks in the history of the gaming industry, including attacks on the Xbox and PlayStation networks.

Their first attack began in August 2014 on League of Legends servers. When they succeeded, the group brought down the PlayStation corporate network in a DDoS attack. The victims were only able to get the servers back after a whole day.

The FBI became involved when the group tweeted a bomb threat against Sony CEO John Smedley’s plane, sowing chaos and causing the flight to change course.

A month later, in September 2014, the group attacked several giant companies known in the gaming industry, such as FIFA, Call of Duty, and The Sims 4.

The group mainly uses DDoS to attack its targets.

DDoS (distributed denial of service) is the name for a family of cyber attacks that disable computer systems by creating unusual traffic loads.

To create this load, hackers seek out infected devices and use them as sources of malicious traffic. Hackers can target any device that is connected to the Internet and infected with malware. These devices keep working without interference, so their owners are not aware that, for example, their cell phone has been forcibly “recruited” into an “army of bots”.

It is estimated that Lizard Squad’s bot army contains between 120 thousand and 150 thousand bots, ranging from computers and routers to smart refrigerators and other household appliances.

Their most significant attack occurred on December 1st 2014, and lasted eight days, starting with the shutdown of the Xbox and PlayStation networks. On December 22, North Korea’s limited access to the Internet was blocked, and the hacker group claimed responsibility on its Twitter account.

On December 25, Christmas Day, the group took down Xbox and PlayStation again, and then in January went on a rampage with attacks on Malaysia Airlines.

But the end came just as swiftly. An unknown group called Finest Squad hacked Lizard Squad’s Twitter account and website and published personal details about the hackers.

The Finest Squad group discovered how Lizard Squad managed to penetrate and bring down the servers of the gaming giants and passed the information on to the relevant parties in the companies.

3) Syrian Electronic Army

The hacker group that first appeared in September 2011 to support the regime of Bashar al-Assad managed to wreak havoc and place itself on the dubious list of the most infamous hacker groups in a short time. Although the SEA claims to be independent and not state-sponsored, research by the University of Toronto shows that it is highly likely that the SEA has its origins in the Syrian Computers Society, which Assad himself led in the 1990s.

In April 2011, just days after the riots against the Assad regime turned violent, the group emerged on social media. Since then, several websites have been attacked, including the websites of the prestigious Harvard University.

In 2012, they attacked LinkedIn, redirecting all visitors to a site supporting Bashar al-Assad.

In 2013, the Twitter account of a news site was hacked and they published a post stating that the White House had been attacked and President Barack Obama was injured, which caused significant declines in the stock market.

The years 2013-2014 were a busy period for the Syrian Electronic Army, which attacked no fewer than 20 high-profile websites, including eBay, PayPal, Forbes, and Facebook.

In 2016, one of the leaders of the group, Peter Romer, was arrested in Germany and extradited to the United States, where he pleaded guilty and was convicted.

4) LulzSec

Although the group was active for a relatively short time, it managed to put its name on the unflattering list. Later revealed to be a group with 7 key members, LulzSec first became public after an attack on the FOX news network and the leaking of personal information of employees and X Factor contestants. The group was later found to be an expert at finding and hacking weakly secured websites, using fairly direct attacks such as DDoS and SQL injections. It attacked a number of important websites, such as the CIA and FBI websites, and sometimes carried out what the media called “pranks” rather than significant cyber attacks. What contributed to this amusing image was their posting on Twitter that they sometimes carry out the attacks “for fun”, and not for any ideological purpose.

They attacked the gaming industry many times, including PlayStation, Nintendo and Sony, but were also quick to defend the director of the WikiLeaks website, similar to their friends in the Anonymous group.

In total, they operated for a year in 2011, after which they were caught by law enforcement in various parts of the world – London, Ohio, Virginia, Lincolnshire, and more.

LulzSec group logo

5) Bureau 121

Although North Korea has restricted its citizens from internet access as part of its dictatorial rule, it still manages to export the most destructive hacker groups. Bureau 121 works under the RGB, North Korea’s secret intelligence organization, which collects information on those considered significant enemies by the regime such as South Korea, Japan, and the United States. It was established in the early 1980s, and since 1998 has grown significantly with over 6,000 members operating from anywhere in the world. The group attacks many industries and uses the ransom payments it receives and the money it steals to continue its operations and add money to North Korea’s coffers.

Bureau 121 has 4 units under it that manage the country’s cyber warfare:

  • Andariel Group
  • The Bluenoroff Group
  • Electronic Warfare Jamming Regiment
  • Lazarus Group

Often the group does not take responsibility for attacks, unlike other hacker groups that pride themselves on this. However, cyber researchers were able to link them to significant cyber attacks, including:

  • The attack on Sony – In November 2014, the group attacked Sony Pictures Entertainment. They gained unauthorized access to the company’s network and managed to extract private information, salaries, emails and content that had not yet been published, which was then leaked online. The hack caused the destruction of the network infrastructure and forced the shutdown of many computer systems. During the hack, the organization demanded that Sony take down its upcoming film “The Interview” – a comedy about an assassination plot against North Korean leader Kim Jong Un – and threatened terrorist attacks on cinemas showing the film. After many major US cinema chains chose not to screen “The Interview” in response to these threats, Sony canceled the film’s official premiere and release, opting to skip straight to a downloadable digital release. Sony’s decision to pull the plug on the theatrical distribution of “The Interview” resulted in massive financial fines. However, the film studio’s reputation had already taken a big hit.
  • SWIFT Bank – In 2015/2016, a series of cyber attacks exploiting the SWIFT banking network was revealed, which successfully stole millions of dollars. The hackers used malware and phishing to infiltrate the bank’s systems and hijack the target’s high-value accounts. This allowed them to gain control of the banks’ fast approvals, and use those approvals to send money transfer requests to fictitious accounts controlled by the hackers. According to reports, the North Korean government ordered Bureau 121 to attack banks in about 18 countries in an attempt to raise funds after the international community imposed sanctions over its ballistic missile test.
  • The WannaCry ransomware virus – In May 2017, computers around the world were attacked by ransomware known as WannaCry. The cyber attack used a software vulnerability allegedly created by the NSA, and published by the hacker organization The Shadow Brokers a month before. The ransomware spread across the globe, penetrating computers with older Windows operating systems. The software encrypted files, wreaking havoc on hospitals in the UK, FedEx USA, and many other victims around the world. Many users lost access to their files during these attacks and were only able to regain access after paying the ransom in Bitcoin.

In addition, the malware exploited weaknesses found in older systems, weaknesses developed by the NSA at the time to allow them easy access to surveillance.

The attack began in May 2017 and was not a one-time event. It infected more than 230,000 computers in more than 150 countries, with losses of more than $4 billion in its first day alone. United States federal prosecutors stated that North Korea was behind the attack.
