Cyber crime: Five hacking groups and syndicates to be aware of


The National, 13-03-2025

Following an alleged cyber attack on Elon Musk's platform X this week, speculation over the perpetrators has been rife and generated a renewed interest in hacker and cyber threat groups around the world. Mr Musk said the IP addresses that caused X to be offline for almost an entire day originated near Ukraine but has not elaborated on that accusation.

Morey Haber, a chief security adviser at cybersecurity firm BeyondTrust, said while he does not have strong feelings about Mr Musk's Ukraine claims, determining where cyber attacks originate is complicated. 'I would advise caution when blaming the attack on Ukraine, simply based on source IP address,' he said. 'Threat actors typically use bots, virtual private networks and bastion hosts to conduct attacks and obfuscate their identity, so the cyberattack of X/Twitter, if true, should have easily been defendable against an attack based on IP address or geolocation.'

Associating a potential cyber attack with an IP address should never be used in a public statement without additional indicators or proof, Mr Haber added.

Though it might be tempting to name and shame hackers and cyber threat actors, Mr Haber told The National that by the time the groups become widely known, they've already caused a lot of damage. 'Crime syndicates perform the most damage when they are unnamed, unknown and can operate from the deep shadows of the internet,' he said. Once they have been found and details around their operations leaked, Mr Haber added, their strength and ability to hack diminishes substantially. 'This doesn't negate their threat, but once indicators of compromise, methods of attack and malware become publicly documented, that should allow organisations to strengthen cybersecurity defences.'

Mr Haber pointed out that hacking attracts a wide spectrum, with some perpetrators fuelled by politics and others by financial gain, some state-sponsored and others working alone.

Here's a look at five of the more prominent groups currently on cybersecurity experts' radar that have made headlines around the world:

'I only believe one cybersecurity syndicate poses the biggest threat worldwide,' said Mr Haber. 'Silk Typhoon, also known as APT27 and has been linked to the US Treasury Department breach in late 2024.' According to the US Cybersecurity and Infrastructure Security Agency and the FBI, Silk Typhoon has been linked to the Chinese government. Microsoft has also echoed that notion. 'Silk Typhoon is an espionage-focused Chinese state actor whose activities indicate that they are a well-resourced and technically efficient group with the ability to quickly operationalise exploits for discovered zero-day vulnerabilities in edge devices,' Microsoft's threat intelligence group has said. China has repeatedly denied the accusations.

According to cybersecurity risk-mitigation company Cobalt, Anonymous is perhaps the most well-known hacking group. It first made headlines during the Occupy Wall Street protests in 2011, and Cobalt notes Anonymous has 'targeted PayPal, Visa and MasterCard'. 'Authorities have arrested hackers who claim to be part of Anonymous over the years, but the group's decentralised nature makes tracking down or prosecuting members challenging,' Cobalt wrote on its website. The group has also been known to use distributed denial-of-service (DDoS) attacks that have led to massive website disruptions.

Both Norton and Cobalt list Morpho, a group of hackers dedicated to financially motivated cyber attacks, as a worrisome entity. The geographic origins of the group are largely unknown but, according to Norton, Morpho has previously targeted X, Meta, Microsoft and Apple to try to steal confidential information. There are some clues that Morpho has left behind in the cyber mess it causes. 'It's said that they may be of English-speaking origin because the code is entirely composed of English and their encryption keys are named after memes in American pop culture,' Norton said on its website. According to Cobalt, Morpho has also been known to seek intellectual property from health care and technology companies.

Cybersecurity firms and technology analysts routinely list Darkside as one of the more prominent hacking groups. It rose to prominence in 2021 when it claimed responsibility for the Colonial Pipeline cyber attack that caused fuel shortages and price increases across the US. Darkside has also been known to run affiliate programmes to help other hacker groups in infiltration attempts. It has been known to use a 'ransomware-as-a-service model', meaning it sells or leases ransomware to others to carry out attacks. According to cybersecurity firm Norton, Darkside likely originates in Eastern Europe. 'This group is known for targeting high-profile corporations worldwide with stolen credentials and manual jacking with testing tools,' Norton said.

Though it doesn't necessarily have the same history or name recognition of other hacking groups or cyber threat actors, Mint Sandstorm is quickly stoking fears in the technology security world. Microsoft's threat intelligence group said that Mint Sandstorm is an Iran-affiliated group 'known to primarily target dissidents protesting the Iranian government, as well as activist leaders, the defence industrial base, journalists, think tanks, universities, and multiple government agencies and services, including targets in Israel and the US'. It has been widely speculated that Mint Sandstorm was behind the attempted hack and potential breach of communications within Donald Trump's 2024 presidential campaign. 'Also uses credential harvesting to obtain access to official work accounts as well as personal accounts,' said Microsoft.
