48.1 F
Washington D.C.
Thursday, March 20, 2025
AI and Advanced TechCybersecurityInfrastructure Security

Ongoing Threat of “Mr. Hamza” and Allied Hacktivist Groups

Increased DDoS Attacks Targeting Western Governments and Critical Infrastructure

Megan Norris
By Megan Norris

The escalating cyber activities of a threat actor known as “Mr. Hamza” demonstrate the ongoing sophisticated threats facing government institutions, critical infrastructure, and intelligence agencies in the U.S. and abroad. This threat actor continues to demonstrate their commitment to launching disruptive Distributed Denial-of-Service (DDoS) attacks against high-profile government and critical infrastructure targets, primarily in Western nations and those supporting Israel. Recent activity indicates a growing sophistication and coordination with other hacktivist groups, posing a significant threat to national security.

 

Threat Actor Profile: “Mr. Hamza”

  • Activity: Primarily focused on DDoS attacks, with claims of data leaks on social media.
  • Targeting: Government institutions, intelligence and cybersecurity agencies, energy infrastructure (including nuclear facilities), financial services, and military sectors.
  • Motivation: Appears to be politically motivated, targeting countries perceived as supporting Israel or Western interests.
  • Potential Origin: Suspicions point to actors of Moroccan origin.
  • Collaboration: Actively collaborates with other hacktivist groups, including Holy League, NoName057(16), and Z-Pentest, amplifying their impact.

 

Recent Notable Incidents:

  • March 2, 2025:
    • Mr. Hamza claimed responsibility for DDoS attacks targeting multiple Spanish websites, including the Defence Staff (Estado Mayor de la Defensa or EMAD in Spain), Department of National Security (DSN- Departamento de Seguridad Nacional), and the Spanish Army.
    • This attack, reported by X account @FalconFeedsio, highlights the actor’s continued focus on disrupting critical government services.
  • January 13, 2025:
    • Mr. Hamza announced DDoS attacks against the U.K.’s Secret Intelligence Service (MI6) and the European Union Agency for Cybersecurity (ENISA).
    • While website accessibility was disputed, the announcement served as a demonstration of intent and capability.
  • December 17, 2024:
    • Mr. Hamza claimed responsibility on Telegram for a DDoS attack that brought down the FBIBiospecs website, posting a screenshot as evidence.
    • This incident, following a series of attacks against Israeli organizations, demonstrates the actor’s broad targeting scope.
  • December 6, 2024:
    • Mr. Hamza participated in a coordinated campaign against France, targeting high-value government entities, including the Ministry of Foreign Affairs, French Directorate-General for External Security (DGSE), French National Nuclear Energy Commission (CEA), and the French National Cybersecurity Agency (ANSSI), in retaliation for France’s support of Ukraine and Israel.

 

Analysis and Implications:

Mr. Hamza represents a sophisticated, politically motivated cyber threat. The collaboration between Mr. Hamza and other hacktivist groups indicates a growing level of coordination and resource sharing that increases the potential for large-scale, coordinated attacks. The targeting of critical infrastructure, particularly energy and nuclear facilities, represents a significant and evolving national security risk that requires continued focus, monitoring, and collaboration between government and industry partners.

Previous article
DHS Says CISA Will Not Stop Monitoring Russian Cyber Threats
Next article
Couple Arrested for Allegedly Forcing Way Past Airport Security – and Throwing Coffee in Staffer’s Face
Megan Norris
Megan Norris
Megan Norris has a unique combination of experience in writing and editing as well as law enforcement and homeland security that led to her joining Homeland Security Today staff in January 2025. She founded her company, Norris Editorial and Writing Services, following her 2018 retirement from the Federal Air Marshal Service (FAMS), based on her career experience prior to joining the FAMS. Megan worked as a Communications Manager – handling public relations, media training, crisis communications and speechwriting, website copywriting, and more – for a variety of organizations, such as the American Red Cross of Greater Chicago, Brookdale Living, and Advocate Illinois Masonic Medical Center. Upon becoming a Federal Air Marshal in 2006, Megan spent the next 12 years providing covert law enforcement for domestic and international missions. While a Federal Air Marshal, she also was selected for assignments such as Public Affairs Officer and within the Taskings Division based on her background in media relations, writing, and editing. She also became a certified firearms instructor, physical fitness instructor, legal and investigative instructor, and Glock and Sig Sauer armorer as a Federal Air Marshal Training Instructor. After retiring from FAMS, Megan obtained a credential as a Certified Professional Résumé Writer to assist federal law enforcement and civilian employees with their job application documents. In addition to authoring articles, drafting web copy, and copyediting and proofreading client submissions, Megan works with a lot of clients on résumés, cover letters, executive bios, SES packages, and interview preparation. As such, she presented “Creating Effective Job Application Documents for Female Law Enforcement and Civilian Career Advancement” at the 2024 Women in Federal Law Enforcement (WIFLE) Annual Leadership Conference in Washington, DC, and is a regular contributor to WIFLE's Quarterly Newsletter. Megan holds a Master of Science in Integrated Marketing Communications from Roosevelt University in Chicago, and a Bachelor of Arts in English/Journalism with a minor in Political Analysis from Miami University, Oxford, Ohio.

Related Articles

- Advertisement -

Latest Articles

Load more
All content copyright ©2024 Homeland Security Today. All rights reserved.

POWERED BY MHA Visuals