
A hacker group is a team of decentralized and skilled cybercriminals who work to
infiltrate and exploit networks to make a profit, make a statement, or just cause
mayhem. Some even aim to do good by exposing security flaws and teaching others
how to fix them. These hacker groups can be categorized into different types of
hackers, such as:

• Black hat: These are stereotypical cybercriminals who work to break into
personal networks and devices to steal sensitive data for profit.
• White hat: These hackers break into systems to detect security flaws so
that entities like businesses and governments can address them.
• Gray hat: These individuals belong to groups whose main purpose is to
hack for fun or entertainment.

Throughout the years, several hacker groups have managed to compromise the
security of some of the biggest companies and brands, such as Microsoft, Apple,
and even whole governments and healthcare systems, with devastating effects.

Read on to learn about the most famous hacker groups organized by origin date,
their objectives, and notable attacks, as well as tips to protect yourself from
cybercrime.

1. Chaos Computer Club
• Type of hacker: White hat
• Stated objective: Provide education surrounding data privacy, freedom of
information, hacktivism, surveillance, and technical and societal issues
• Alleged region of origin: Germany
• Perceived years active: 1981 to present
• Notable attack(s): German Bildschirmtext (BTX)

Originating in Europe in 1981, the Chaos Computer Club (CCC) is one of the
oldest and largest hacking groups in the world with over 7,000 members.
It’s a group of white hat hackers that focuses on exposing governmental security
flaws and spreading education about computer network security. They also
advocate for government transparency, the human right to communication, and
freedom of information.

The group made headlines when its members hacked the German Bildschirmtext
(BTX) in 1984. The BTX was an online videotex system that was launched in 1983.
During the hack, members of the CCC were able to transfer 134,000 German Marks
into their bank accounts. After catching the attention of the press, the hackers
returned the funds. This attack was carried out as a statement to prove that the
system was at risk for potentially more threatening hackers.

2. Legion of Doom
• Type of hacker: White hat
• Stated objective: Spreading knowledge about hacking
• Alleged region of origin: United States
• Perceived years active: 1984 to early 2000s
• Notable attack(s): The war with the Masters of Deception hacker group

The Legion of Doom was an American white hat hacker group credited with
publishing its hacking knowledge in several pieces of content, the most notable
being the Hacker Manifesto. This essay highlighted the goals and ethics of
hackers from all over the world.

This group was the most active between 1984 and the early 2000s and is also noted
for its conflict with another hacker group, Masters of Deception. Known as the Great
Hacker War, these two groups worked to attack each other’s networks. The conflict
ultimately led to the temporary shutdown of AT&T and the disbanding of both
groups.

3. Lazarus Group
• Type of hacker: Black hat
• Stated objective: Conduct cyber operations including cyber-enabled
finance crime and espionage
• Alleged region of origin: North Korea
• Perceived years active: 1998 to present
• Notable attack(s): Sony Pictures, the WannaCry ransomware attack

Lazarus Group is a famous hacker group that was created in North Korea in 1998
and is still active today. The group considers itself a cyber warfare agency that’s
part of the Reconnaissance General Bureau within North Korea’s military. Lazarus
Group’s main goal is to conduct cyber operations, with its main targets being South
Korea and the United States.

The actions of Lazarus Group came to the surface after they hacked Sony Pictures
following the release of the film “The Interview” in 2014. The attack leaked personal
emails and information, which cost Sony $15 million to repair. However, the group’s
most famous attack was the WannaCry ransomware attack, which infected
over 200,000 computers operating Microsoft Windows and resulted in $4
billion in damage.

4. Tailored Access Operations (TAO)
• Type of hacker: Black hat
• Stated objective: Gather intelligence by computer network exploitation
from foreign entities
• Alleged region of origin: United States
• Perceived years active: 1998 to present
• Notable attack(s): Snowden leak

Tailored Access Operations, also known as TAO, is a cyber warfare unit of the
United States National Security Agency (NSA) known for having its files leaked by
Edward Snowden, a former NSA contractor. The TAO hacker group’s main purpose is
to gather intelligence on foreign entities by exploiting software and
hardware.

According to the leaked files from Snowden, the hacker group uses software
templates to break into popular hardware, such as switches, firewalls, and routers
from product vendor lines.

5. Dragonfly
• Type of hacker: Black hat
• Stated objective: Infiltrate third-party organizations
• Alleged region of origin: Russia
• Perceived years active: 2010 to present
• Notable attack(s): Ukraine power companies

Dragonfly is a cyber espionage group that is attributed to Russia’s Federal Security
Service (FSB). They’re also known as Crouching Yeti, Iron Liberty, and Berserk Bear.
Since 2010, this group has been known to hack infrastructure entities in North
America and Europe and target aviation and defense companies. It carries out
attacks through spear phishing and drive-by compromise attacks on third-party
organizations that have lower levels of network security.

Although they’re known for carrying out these types of attacks, authorities have
been unable to officially trace a specific attack back to the group. Allegedly, the
group is responsible for conducting a DDoS attack by infecting multiple power
companies in Ukraine with the BlackEnergy trojan, resulting in a blackout for
thousands of citizens.

6. LulzSec
• Type of hacker: Gray hat
• Stated objective: Expose security flaws of high-profile companies for
entertainment purposes
• Alleged region of origin: United States
• Perceived years active: 2011
• Notable attack(s): The hacking of Fox News, PlayStation Network, and
the U.S. Senate

LulzSec, also called Lulz Security, is a gray hat group that hacks the day-to-day
operations of high-profile companies and organizations. According to the group, its
mottos are: “The world’s leaders in high-quality entertainment at your
expense” and “Laughing at your security since 2011.”

The group gained attention after they hacked the websites of Fox News, Sony
Pictures, PlayStation, and the CIA. All the hacks were carried out through DDoS
attacks. These malicious activities even caught the attention of law enforcement —
Hector Monsegur, one of the group's members, helped the authorities catch some
of the other members.

7. Morpho
• Type of hacker: Black hat
• Stated objective: Gain access to high-level corporate data
• Alleged region of origin: Unknown
• Perceived years active: 2011 to present
• Notable attack(s): The Microsoft, Apple, Twitter, and Facebook breaches
in 2013

Morpho is a hacker group focused on cyber espionage, and is also called Wild
Neutron, Sphinx Moth, and Butterfly. This group usually performs financially
motivated attacks, and has affected and stolen confidential information from
high-profile companies such as Twitter, Apple, Facebook, and Microsoft. To hack these
organizations, the group utilized zero-day vulnerabilities.

Although its motivations are clear, the group’s origins remain unknown and
they’ve made themselves nearly impossible to track. However, it’s said that
they may be of English-speaking origin because the code is entirely composed of
English and their encryption keys are named after memes in American pop culture.

9. Lizard Squad
• Type of hacker: Black hat
• Stated objective: Target entertainment and video game servers via DDoS
attacks
• Alleged region of origin: North Korea
• Perceived years active: 2014 to 2015
• Notable attack(s): PlayStation, Xbox, Malaysia Airlines, Facebook

Lizard Squad is a North Korean hacker group that carries out DDoS attacks. They’re
known for hacking Facebook and Malaysia Airlines, as well as gaming giants such as
PlayStation Networks and Xbox Live. They also take credit for shutting down the
internet in North Korea in 2014.

It’s also alleged that Lizard Squad made bomb threats against Sony Pictures’ CEO
and leaked explicit photos of celebrities. Fortunately, their attacks only lasted from
2014 to 2015 after key members of the group were arrested by authorities.

10. Conti
• Type of hacker: Black hat
• Stated objective: Gain access to the victim’s network and encrypt important
services or files
• Alleged region of origin: Russia
• Perceived years active: 2018 to 2022
• Notable attack(s): Irish health care system, the Costa Rican government

Conti, also known as Ryuk, is a ransomware-as-a-service (RaaS) black hat hacker
group that originated in Russia in 2018. This group sought to target institutions
across financial services, education, technology, and health care. Over the
years, Conti has affected over 400 targets across France, the United
Kingdom, and the U.S.

One of their most infamous attacks was the hack on Ireland’s Health Service
Executive (HSE) in 2021, causing the HSE’s IT systems to shut down, which resulted
in limited access to important diagnostic and medical records. Conti asked for a
ransom of nearly $20 million.

11. LockBit
• Type of hacker: Black hat
• Stated objective: Block user access to computer systems in exchange for
a ransom payment
• Alleged region of origin: Russia
• Perceived years active: 2019 to present
• Notable attack(s): The Center Hospitalier Sud Francilien attack

LockBit is an RaaS hacker group from Russia that blocks user access to computer
systems in exchange for payment. Since 2019, LockBit has averaged around 70
victims a month and has been responsible for 46% of all RaaS breaches in the first
quarter of 2022. The group has also been tied to over 40 attacks in June 2022
alone.

One example of LockBit’s attacks is the $10 million ransom they demanded
from Paris’ Center Hospitalier Sud Francilien after they infiltrated the hospital’s
business software. As a result of the attack, the hospital was unable to use several
medical systems.

12. REvil
• Type of hacker: Black hat
• Stated objective: Gain access to high-level organizations and encrypt
their files
• Alleged region of origin: Russia
• Perceived years active: 2019 to present
• Notable attack(s): The Kaseya attack

REvil is another famous black hat hacker group in the RaaS playing field. Originating
in Russia in 2019, this group encrypts files and information and hacks into systems,
demanding a ransom payment in exchange for information. REvil’s most active year
was 2021 — it accounted for 37% of ransomware attacks in 2021
according to IBM Security.

However, its most notable attack was the attack on Kaseya, an IT service provider.
This attack delivered REvil’s ransomware through an automatic software update that
affected over a million customers of Kaseya’s managed service providers (MSPs). The
attack carried a $70 million ransom demand to fix affected systems.

Other REvil attacks include stealing Apple’s schematics for upcoming products,
leaking 2.4 GB of data from Lady Gaga, and publishing HX5 documents related to
the U.S. Air Force, Navy, and Army.

13. DarkSide
• Type of hacker: Black hat
• Stated objective: Target victims via ransomware and extortion
• Alleged region of origin: Eastern Europe
• Perceived years active: 2020 to present
• Notable attack(s): Colonial Pipeline attack of 2021

DarkSide is a newer Eastern European RaaS hacker group that is perceived as one of
the world’s most dangerous hacking groups. This group is known for
targeting high-profile corporations worldwide with stolen credentials and manual
hacking with testing tools.

DarkSide became a major player in cybersecurity attacks with the Colonial
Pipeline attack in 2021. The attack was responsible for the partial shutdown of the
network that supplies 45% of the gasoline for the U.S. East Coast. This resulted in
widespread panic-purchasing in the gasoline industry and a 75 million Bitcoin
(about $5 million) ransom paid by the Colonial Pipeline Company.

14. Hafnium
• Type of hacker: Black hat
• Stated objective: Exploit vulnerabilities in American internet-facing
servers
• Alleged region of origin: China
• Perceived years active: 2021 to present
• Notable attack(s): The Microsoft Exchange Server data breach

Hafnium is a cyber espionage hacker group that originated in 2021 allegedly from
the Chinese government. This group is known to mainly target American
internet-facing servers across a variety of industries, including higher education, defense
contractors, infectious disease researchers, and law firms.

Hafnium’s most notable attack (although denied by Hafnium) is the data breach of
the Microsoft Exchange Server in 2021. This attack utilized a zero-day exploit
that affected the email servers of over 60,000 organizations, including the
European Banking Authority.

15. Lapsus$
• Type of hacker: Black hat
• Stated objective: Pursue extortion against government agencies and
companies via social engineering tactics
• Alleged region of origin: England
• Perceived years active: 2021 to present
• Notable attack(s): The attack of the Brazilian Ministry of Health, Cisco,
Samsung, Microsoft, Okta, and Nvidia

Lapsus$ is another famous hacker group that is data extortion-focused, pursuing
attacks against companies and government agencies with social engineering tactics
by gaining access to sensitive information and employee credentials.

Lapsus$ is unique because they use Telegram, a messaging app, to recruit
additional group members from the public, and will use the channel to
post stolen information. They first made headlines after their attack on the
Brazilian Ministry of Health, which compromised the COVID-19 vaccination data of
millions of people. Since then, the group has targeted additional victims, such as
Microsoft, Samsung, Uber, Rockstar Games, Cisco, and Nvidia.

How to protect yourself from hacker groups: 9 tips
After learning about these famous hacker groups, it’s safe to say you may feel like
your own security can be improved or that you’re in need of some ways to protect
your personal information and devices. Here are nine tips to help protect you and
your organization from hacker groups:
