Pro-Russian & Palestinian hacktivists target Australia

A wave of cyberattacks targeting Australian entities has been claimed by pro-Russian and pro-Palestinian hacktivist groups.

Pro-Russian groups, including NoName057(16), the Cyber Army of Russia Reborn, and Z-Pentest, have conducted over half of more than 60 reported Distributed Denial-of-Service (DDoS) attacks on websites associated with Australian government institutions, transportation, financial, legal, educational, and insurance sectors. NoName057(16) attributed these actions partly to Australia's support for Ukraine, specifically to Australia's commitment to supply 14 military boats worth over USD $9 million. This support is perceived by these groups as a challenge to Russian interests, framing the aid as a Western alignment hostile to Russia.

According to the Telegraph Agency of the USSR (TASS), these military boats are intended to enhance Ukraine's maritime security amidst the ongoing conflict. Australian Defense Minister Richard Marles confirmed the aid, emphasizing its goal to bolster Ukraine's coast guard capabilities. Pro-Russian hacktivists perceive this as a move from a neutral or humanitarian stance to active participation in the conflict by Australia, thereby marking it as a legitimate target for cyberattacks.

Z-Pentest, aligned with the pro-Russian groups, claimed responsibility for attempts to disrupt operational technology systems in Australia, targeting a sewage pumping station in Melbourne and interfering with cooling systems at a Sydney warehouse. While these claims have potential propaganda value, they highlight a psychological tactic to incite fear among Australian citizens and amplify the presence and capability of these groups as a part of their deterrence strategy.

RipperSec, a pro-Palestinian hacktivist group, joined the cyber offensive against Australia, driven by opposition to Australia's perceived backing of Israel amid the Israel-Palestine conflict. RipperSec accuses Australia of complicity in Palestinian oppression and uses cyber operations as a form of activism to draw attention to their cause by undermining nations they perceive as supporting Israel. Their operations were intensified through alliances with hacker collectives such as the Fighter Blackhat and the Pro-Palestinian Hackers Movement (PPHM), amplifying their campaign's scale and visibility.

RipperSec and its allies issued threats to "destroy" targeted systems under the banners of "#OpsAustralia" and "#OpsUkraine", highlighting a strategy of prolonged cyber pressure to disrupt and intimidate their targets. This approach aligns with their efforts to instil fear within governmental, organisational, and civilian sectors.

NoName057(16) utilises Layer 7 web DDoS attacks with a volunteer-driven botnet, DDosia, focusing on high-impact backend components of online services to achieve substantial disruption. This hacktivist group emerged in response to the IT Army of Ukraine's offensive against Russian entities post-February 2022 and has been persistently active in targeting organisations in nations supporting Ukraine.

Another entity, the Cyber Army of Russia Reborn (CARR), has also been implicated in low-complexity but disruptive DDoS attacks targeting critical infrastructure across various Western nations. Meanwhile, Z-Pentest, noted for its association with pro-Russian activities, has involved itself in operational disruptions beyond Australia, posing risks to public health and supply chains in targeted nations.

RipperSec's attack capabilities are facilitated through its MegaMedusa tool, used in DDoS attacks that emphasize randomisation techniques to evade detection. The attacks by RipperSec not only aim to create chaos and attract attention but also to serve as a form of political and ideological influence, stressing their narrative against perceived allies of Israel.