Saved in:
Bibliographic Details
Main Authors: Derbyshire, Richard, Selck-Paulsson, Diana, van der Walt, Charl, Burton, Joe
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2509.05104
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866915534579171328
author Derbyshire, Richard
Selck-Paulsson, Diana
van der Walt, Charl
Burton, Joe
author_facet Derbyshire, Richard
Selck-Paulsson, Diana
van der Walt, Charl
Burton, Joe
contents Since 2022, hacktivist groups have escalated their tactics, expanding from distributed denial-of-service attacks and document leaks to include targeting operational technology (OT). By 2024, attacks on the OT of critical national infrastructure (CNI) had been linked to partisan hacktivist efforts in ongoing geopolitical conflicts, demonstrating a shift from protest to something more resembling cyber warfare. This escalation raises critical questions about the classification of these groups and the appropriate state response to their growing role in destabilizing international security. This paper examines the strategic motivations behind escalatory hacktivism, highlighting how states may tolerate, encourage, or leverage hacktivist groups as proxies in conflicts that blur the lines between activism, cybercrime, and state-sponsored operations. We introduce a novel method for interpreting hacktivists based on the impact of their actions, alignment to state ideology, and host state involvement, offering a structured approach to understanding the phenomenon. Finally, we assess policy and security implications, particularly for host and victim states, and propose strategies to address this evolving threat. By doing so, this paper contributes to international discussions on cyber security policy, governance, and the increasing intersection between non-state cyber actors and state interests.
format Preprint
id arxiv_https___arxiv_org_abs_2509_05104
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle From Protest to Power Plant: Interpreting the Role of Escalatory Hacktivism in Cyber Conflict
Derbyshire, Richard
Selck-Paulsson, Diana
van der Walt, Charl
Burton, Joe
Cryptography and Security
Computers and Society
Since 2022, hacktivist groups have escalated their tactics, expanding from distributed denial-of-service attacks and document leaks to include targeting operational technology (OT). By 2024, attacks on the OT of critical national infrastructure (CNI) had been linked to partisan hacktivist efforts in ongoing geopolitical conflicts, demonstrating a shift from protest to something more resembling cyber warfare. This escalation raises critical questions about the classification of these groups and the appropriate state response to their growing role in destabilizing international security. This paper examines the strategic motivations behind escalatory hacktivism, highlighting how states may tolerate, encourage, or leverage hacktivist groups as proxies in conflicts that blur the lines between activism, cybercrime, and state-sponsored operations. We introduce a novel method for interpreting hacktivists based on the impact of their actions, alignment to state ideology, and host state involvement, offering a structured approach to understanding the phenomenon. Finally, we assess policy and security implications, particularly for host and victim states, and propose strategies to address this evolving threat. By doing so, this paper contributes to international discussions on cyber security policy, governance, and the increasing intersection between non-state cyber actors and state interests.
title From Protest to Power Plant: Interpreting the Role of Escalatory Hacktivism in Cyber Conflict
topic Cryptography and Security
Computers and Society
url https://arxiv.org/abs/2509.05104