In recent years, a host of hacker groups have proliferated, wreaking havoc on companies and millions of people: these are the most dangerous of 2023.
For practically as long as the Internet and computers have existed, cybercriminals have taken advantage of security gaps and highly elaborate malware attacks that affect millions of people and businesses.
Groups of this type have proliferated but, as always, some are more important than others. For this reason, here you will find a small compilation of the most dangerous hacker groups of 2023.
Some of them have been active for many years, while others have appeared in recent years. What they all share is that they have carried out serious attacks that have affected organizations such as Apple, Microsoft or the United States Air Force, among many others.
Without further ado, here are the most active hacker groups in recent years.
REvil
This group of hackers emerged in Russia in 2019 and has a very particular modus operandi: it hacks into systems and encrypts files and information, then demands a ransom in exchange for the blocked information.
Its activity peaked in 2021, when it accounted for 37% of ransomware attacks that year, according to IBM Security.
Its most notable attack was on Kaseya, an IT service provider, affecting more than a million customers of the company’s managed service providers.
It has been involved in the theft of Apple blueprints for upcoming products, US Army, Navy and Air Force documents, and Lady Gaga data, among others.
DarkSide
This is currently one of the most dangerous hacker groups in the world.
Hailing from Eastern Europe, DarkSide specializes in RaaS (Ransomware as a Service) attacks and is primarily known for attacking high-profile corporations around the world with stolen credentials and manual hacking with testing tools.
It was one of the main protagonists of the attacks on Colonial Pipeline in 2021, which were responsible for the partial shutdown of the network that supplies 45% of the gasoline on the East Coast of the United States.
The federal government offered a $10 million reward for information leading to the arrest of the group.
Lazarus
Not only is it one of the most dangerous active groups today, but it is also one of the longest-lived.
It was created in North Korea in 1998 and considers itself a cyber warfare agency that is part of the General Reconnaissance Office of the North Korean military.
Its main objective? To carry out cyber operations, with South Korea and the United States as its main targets.
Its most famous attack was the WannaCry ransomware, which infected more than 200,000 Microsoft Windows computers and caused $4 billion worth of damage.
Dragonfly
This group emerged in 2010 in Russia and is attributed to the Russian Federal Security Service (FSB).
The group, also known as Crouching Yeti, Iron Liberty and Berserk Bear, is credited with hacking infrastructure entities in North America and Europe, and it carries out spear-phishing attacks against third-party organizations that have lower levels of network security.
The group is allegedly responsible for carrying out a DDoS attack infecting multiple power companies in Ukraine with the BlackEnergy Trojan, causing a blackout for thousands of citizens.
Morpho
Morpho, also known as Wild Neutron, Sphinx Moth, and Butterfly, has carried out attacks and stolen a multitude of information from high-profile companies such as Twitter, Apple, Facebook, and Microsoft through zero-day vulnerabilities.
To this day its origin is unknown, since the group has been impossible to trace. However, its activity is estimated to have started in 2011, and everything indicates that it may be of Anglo-Saxon origin, because the code is written entirely in English and its encryption keys bear the names of American pop culture memes.
Lapsus$
This hacker group originates from England and emerged in 2021. Its main objective is to extort public organizations and companies through social engineering techniques.
Lapsus$ is unique in that it uses Telegram to recruit members from the public and uses the channel to post stolen information.
Its main attacks include the one on the Brazilian Ministry of Health, which jeopardized the COVID-19 vaccination of millions of people. Attacks on other victims such as Microsoft, Samsung, Uber, Rockstar Games, Cisco and Nvidia are also attributed to it.
NoName057
This Russian group emerged a few years ago, and several important attacks are attributed to it.
Among the most notable is the attack on the Ministry of the Interior of Spain, whose website experienced various problems on election day, as well as the attack in July on Telefónica, Orange and Euskaltel, among many others.
This group is known to have strong links with the Russian intelligence services.
Sources: BoldTV, Norton