Ready to Start Your Career?

Notorious Hacking Groups of the 21st Century

lpark's profile image

By: lpark

July 9, 2019

TL;DR: Coordinated hacking groups carry out some of the most visible attacks in the cybersecurity industry. No matter their motivations, hacking groups can gain notoriety and exposure from their works. This section looks at some of the most notorious hacking groups in recent years, what they did, and why they did it.The cultural component of cybersecurity has always been an important part of the industry for enthusiasts and professionals across the world. For better or worse, some hackers have achieved notoriety through their exploits. Under the cover of groups and screennames, many hackers will build a reputation through a disguised identity. High-profile cybersecurity incidents propagate their reputation and major media outlets highlight their crimes as international drama. This section will examine some of the most notorious hacking groups in recent times, their exploits, and their motivations.

Lizard Squad

DDoS attacks, also known as Distributed Denial of Service attacks, work by rendering a service unusable by overwhelming it with requests and traffic. Lizard Squad mostly employed DDoS attacks. Based out of the United States and United Kingdom, Lizard Squad began targeting popular video games with DDoS attacks, shutting down their online servers for all users. Innocuous enough, but the attacks later developed into a targeted internet shutdown of North Korea on December 22, 2014. Lizard Squad seemed motivated primarily by achieving internet fame and selling DDoS services online. The group was involved in several other high-profile attacks and disbanded September 3, 2014.


This North Korean group is responsible for hacking corporations throughout the 2000s. Lazarus is known for using advanced methods and techniques towards compromising large corporations. Responsible for the 2014 Sony hack, it led to the loss of several unreleased movies and the personally identifiable information of thousands of employees. In recent times, they have been known to employ spear phishing techniques against users that are holding cryptocurrencies. Malware is hidden in a personalized message in order to harvest passwords and email addresses.


HackingTeam, also known as The Hacking Team, is a very prolific hacking group and IT corporation founded in Milan, Italy in 2003. With operations in Annapolis, Singapore, and Washington D.C., HackingTeam has developed and sold remote surveillance software to governments across the world. These tools are designed to allow governments to monitor citizen files, emails, voice communications, microphones, and cameras without their knowledge or consent. This attracted some criticisms on the grounds of human rights, especially surrounding their business with nations deemed corrupt by the United Nations. However, nations in the Security Council and across all six continents have done business with HackingTeam.

Cozy Bear and Fancy Bear

These two competing hacking groups are based out of the Russian Federation and Eastern European nations. Cozy Bear has been linked to the FSB, a Russian intelligence agency modeled after the KGB. Their activities included the infiltration of US political think-tanks via zero-day exploits and spear phishing techniques. In contrast, Fancy Bear has been linked to GRU, the federation’s military intelligence agency. This group is infamous for interfering with elections, including a hack of the 2017 Democratic National Committee, during the US presidential elections.

Comment Crew

This group is sometimes known as the Shanghai Group. They are mostly associated with major Chinese cyberattacks. They achieved notoriety through a spear phishing attack on the Coca-Cola Company. Hackers posed as the CEO of Coca-Cola in an email to the standing deputy president. The email contained hidden malware that installed a keylogger on the deputy president’s computer. The hackers had access to sensitive files and information for only a month before the FBI detected the attack and shut it down.
Schedule Demo