State-Aligned Hacktivists Are Escalating Digital Warfare—and Civil Infrastructure Is in the Crosshairs

New Forescout report warns of growing threats from proxy cyber actors as geopolitical tensions spill into cyberspace

A new study from Forescout Technologies paints a stark picture of cyber conflict’s new frontlines: public transportation, national banks, government portals, and the everyday systems that keep societies running.“The Rise of State-Sponsored Hacktivism” report outlines how ideologically motivated cyberattacks are increasingly operating as covert weapons of war—launched not by rogue activists, but by hacker groups aligned with nation-states.

According to Forescout’s researchers, 2024 witnessed a dramatic surge in cyber disruptions carried out by four state-aligned hacktivist groups—BlackJack, Handala Group, Indian Cyber Force, and NoName057(16)—who together claimed responsibility for 780 attacks, with 90% attributed to Russian-aligned NoName057(16) alone. Their primary targets? Critical infrastructure in Ukraine, Israel, and European nations that publicly support Ukraine amid the ongoing war.

“This isn’t a future risk – it’s already happening,” said Barry Mainz, CEO of Forescout. “We’re seeing escalating attacks on critical infrastructure and commercial networks worldwide.”

The New Face of Hacktivism

Gone is the romanticized image of independent hackers fighting for social causes. Today’s hacktivists operate less like underground rebels and more like digital mercenaries—advancing geopolitical agendas through cyber aggression. Whether through defacing websites or launching disruptive DDoS attacks, their operations now resemble low-intensity warfare. The implications are chilling: the distinction between grassroots activism and state-sponsored sabotage is vanishing fast.

As Forescout’s report makes clear, the lines have blurred so thoroughly that discerning whether an attack is state-directed or merely state-inspired is often impossible. Some attackers operate under the illusion of activism while serving as strategic proxies in larger geopolitical conflicts.

Ukraine, Israel, and Spain in the Crosshairs

The report shows a staggering 82% of attacks occurred in Europe, with Ukraine suffering the most hits (141), followed by Israel (80) and Spain (64). Notably, less than 1% of attacks targeted organizations in the Americas, suggesting that adversaries are focusing efforts on regions directly entangled in or adjacent to active conflicts.

Critical infrastructure bore the brunt. Government agencies—including military branches—were targeted in 44 attacks. The transportation sector was hit hard as well, making up 21% of all incidents, with hackers disrupting ports, airports, rail lines, and public transit. Financial institutions weren’t spared either, enduring 13% of all observed attacks.

“These actors are zeroing in on the industries that impact daily life,” said Daniel dos Santos, Head of Research at Forescout’s Vedere Labs. “We expect them to prioritize industries that impact daily life, such as government services and financial institutions.”

What’s Next: OT and IoT Under Siege

While traditional attack methods like DDoS and data exfiltration remain prevalent, the report warns that operational technology (OT) and Internet of Things (IoT) systems are becoming the next battlegrounds. These systems, often inadequately secured and deeply embedded in physical operations, offer ripe targets for more severe disruptions.

Forescout predicts a rise in attacks exploiting vulnerabilities in smart infrastructure—from industrial sensors to networked transit systems—potentially crippling vital services and sowing broader chaos.

A Call to Arms for Infrastructure Defenders

As tensions rise globally—from Eastern Europe to the Middle East—Forescout’s findings serve as a wake-up call to governments and private-sector operators alike. Attackers are no longer content with symbolic defacements or headline-grabbing hacks. They’re pursuing systemic disruption, with precision and persistence.

“Organizations must act now to close every gap and take control of their attack surface before it’s used against them,” Mainz urged.

The report’s core message is unambiguous: state-aligned hacktivism isn’t just the future of conflict—it’s already here, and the front lines run through the routers, servers, and operational systems we depend on every day.