10 Most Powerful (Known) Active Hacking Groups
Hackers are a diverse group
There are young prank hackers like Lizard Squad, which infamously used a DDoS attack to take down the PlayStation and Xbox networks over Christmas (a pretty sinister prank, since the victims were largely children). Some hackers are older and often work as "computer security consultants" who advise companies on how to protect themselves. Some hackers are in it for monetary gain, while others are in it for the lulz and the power.
More and more there are state-sponsored groups with Hollywood-style capabilities. The best known example is Stuxnet, an Israeli (and probably also American) worm that infected Iran's nuclear enrichment facilities. Stuxnet drove the enrichment centrifuges outside their safe operating range while feeding the operators' control system displays readings that looked normal. It had the power to physically destroy the equipment while the monitoring stations appeared normal. The scariest part is that the same approach could be refitted for just about any industrial control system.
Since a worm like Stuxnet is far harder to pull off than a DDoS attack, most of the groups on this list are state-sponsored. Disclaimer: I don't have outstanding technical knowledge on the subject, so feel free to critique in the comments.
10. Bureau 121
Although most technology in North Korea is extremely outdated, its government has still shown a strong interest in hacking. According to defectors, military hackers live extravagant lives in North Korea. Top students are handpicked straight out of the country's "University of Automation". The primary wing of this hacking effort is known as Bureau 121. It comprises about 1,800 people, many of whom work from outside the country (because internet infrastructure in North Korea is pretty terrible).
Most of the Bureau's activity has been focused on South Korea. Attacks have ranged from malicious gaming apps aimed at South Korean users, to hacking the website of the South Korean President, to destroying data at banks and broadcasting companies. Guardians of Peace, the group behind the famous Sony hack, might have been a Bureau 121 proxy. That particular hack cost Sony about $15 million.
9. Chaos Computer Club
Chaos Computer Club (CCC) is probably one of only two groups on this list with any sort of moral code. It is also probably the oldest: it was founded by a small group of Germans in 1981.
Today it is a large association of mostly German-speaking hackers. CCC has carried out a number of hacks where they first consulted legal experts to make sure that what they were doing was legal. Although they almost permanently reside in or around a legal grey area, this willingness to operate within legal bounds has allowed them to survive. Not only have they survived, but they've been accepted, recognized, and sometimes glorified by the press. Since it is a large, loosely organized association of people with exceptional computer security knowledge, not every member has always behaved according to the law.
CCC gained notoriety in the 1980s when they notified the Deutsche Bundespost of flaws in its online system. Deutsche Bundespost was something of an ideal target for an early hacktivist group, because it actively tried to keep more technologically advanced startups from competing. The Bundespost's system provider responded by assuring everyone that the system was secure. Of course, CCC still hacked the system and siphoned off DM 134,000 through it. They returned the money the next day.
8. Morpho
Morpho, a.k.a. Wild Neutron, is a well-funded group that has executed dozens of high-profile hacks since 2011 on tech, pharmaceutical, and investment companies. They're likely not state-sponsored, because their hacks usually steal insider information for monetary gain. They've hit Microsoft, Apple, Facebook, and Twitter via zero-day exploits. A zero-day exploits a vulnerability the software vendor does not yet know about, so no patch exists and the attacker gets powerful access for as long as the flaw stays undiscovered. This is a contrast to something simple like a DDoS, which just overloads a server with traffic for a period of time.
Morpho is particularly interesting because they are likely a small but sophisticated group. Some of their signatures include multi-platform malware, well-documented code, bitcoin payments to hosting providers, and multi-staged command-and-control networks hosted on encrypted virtual machines. They are English-speaking and very good at covering their tracks.
7. Syrian Electronic Army
The Syrian Electronic Army (SEA) is a hacker group with Syrian government sympathies as well as connections to Iran and Hezbollah. They've shown a wide array of attack capabilities. Most famously, they've defaced many major Western news outlets, but they have also managed to locate opposition rebels using malware. Also, if you're a fan of The Onion, you should read The Onion's response to the SEA's hack of its accounts.
The SEA is unique because of its varied tone and style. For example, it tweeted from AP's account that Obama had been injured in explosions at the White House. That one tweet sparked a dramatic, if temporary, fall in the Dow Jones Industrial Average. On the lighter side, they've tweeted from BBC Weather that "Saudi weather station down due to head on-collision with camel". Their familiarity with English colloquialisms and humor raises questions about the SEA's identity, but the NYT has stated that the SEA is probably Iranian.
6. Anonymous
Anonymous is probably the hacker group most recognizable to the American general public. They originated in 2003 on 4chan and have grown to be a significant force on the internet. Anonymous draws some of its power from being extremely decentralized, so operations keep running even when individual members are arrested (as many have been). Most of their hacks have historically been of the liberal hacktivist variety, although others have been extremely serious or extremely light-hearted in nature.
Some of their more focused campaigns have supported the Occupy Movement, fought child pornography, and targeted the Church of Scientology (some of which involved a physical presence as well as an internet one). Although they have certain collective symbols, such as Guy Fawkes masks and taglines, there is no single person giving commands. If a person becomes too narcissistic and starts to use his or her own name for things, that person will be chastised and encouraged to leave. Anonymous is an idea, and it is an idea with unprecedented staying power.
5. Tarh Andishan/Ajax
Understandably, Iran was not pleased with Stuxnet. It jeopardized the country's nuclear power (and, if you're more cynically inclined, nuclear bomb) ambitions. Iran decided it was best to aggressively upgrade its cyber capabilities. It did this in at least two ways: by creating an independent state-sponsored group, Tarh Andishan, and by consulting and hiring existing Iranian hacktivist groups (like Ajax).
Ajax was better known for website defacement, but after Stuxnet it is likely they were recruited for patriotic espionage (a model pioneered by the Chinese). Ajax is most famous for "Operation Saffron Rose", in which they attempted to gain information on U.S. defense industry personnel with targeted phishing attacks.
Tarh Andishan is actually a little scarier for the average civilian because they've gained access to airport gate control systems in South Korea, Saudi Arabia, and Pakistan. Such access could allow them to forge security credentials at an airport. They've also hacked industrial targets like oil, gas, and telecommunications companies.
4. Dragonfly
Another likely state-sponsored group, this time out of Eastern Europe and Russia, is Dragonfly. Dragonfly is likely state-sponsored because of its targets: electric grids, the energy industry, and other control systems in the U.S. and Europe. They are designated as an APT (Advanced Persistent Threat).
Their most common attacks are spear-phishing and watering-hole attacks, which is not unusual for APT groups. They've also demonstrated the ability to embed trojans in legitimate software for industrial control systems, so that operators install the malware themselves when they fetch what looks like a vendor update. This is very reminiscent of Stuxnet. When Stuxnet was first found, it was recognized that the same technique could be turned against many industries. It may be that we are starting to see Stuxnet-like capabilities from organizations other than the United States and Israel.
3. APT28
APT28 (the name given by FireEye) is, unsurprisingly, an Advanced Persistent Threat group. They're Russian and might share funding sources with Dragonfly (although I don't know, so I didn't group them together). All of their targets are ones the Russian government is interested in, they speak Russian, and they've been traced back to a government sponsor in Moscow.
APT28 uses fairly well-known hacking methods, and uses them successfully and often. They've hacked NATO, Polish government websites, Georgian ministries, and the OSCE. They're unique in that they've been caught framing the Cyber Caliphate (ISIS) for their attacks. Like other organizations on this list, they operate in jurisdictions with no extradition treaty with the U.S., so they are effectively immune to legal repercussions.
2. Elderwood Group and 20 other Chinese APTs
Elderwood Group, Axiom, Unit 61398, Comment Crew, Putter Panda, Hidden Lynx, and many more. China pioneered the state-sponsored hacking group, and they've continued to perfect the practice. Often it is difficult to tell whether the Chinese government is pulling the strings, providing funding, or even has any affiliation with a given group. I'm trying not to be ominous, but the list of hacks and zero-day exploits attributed to these groups is rather long.
One of the more famous attacks came in 2010 under the name "Operation Aurora". We know about Operation Aurora in part because Google came forward and announced it had been hacked. Common targets included defense industries, human rights campaigns, and supply-chain firms. Elderwood Group is a blanket term for all the groups involved. Sub-groups include Hidden Lynx (defense industry and Japanese users), Linfo (manufacturing firms), Sakurel (aerospace companies), and Vidgrab (Uyghur dissidents). Such a coordinated, advanced, well-funded attack had to be orchestrated by the Chinese government. It is unclear what precautions will be taken to protect against increasingly sophisticated and persistent attacks in the future.
If that wasn't enough, the Chinese also hold vast troves of personal records on United States government employees.
1. Tailored Access Operations, NSA
If it weren't for Edward Snowden, we probably wouldn't know about Tailored Access Operations (TAO). TAO has some of the best offensive capabilities in the world: it is the NSA's unit for targeted intrusion into specific systems, as distinct from the agency's bulk collection of American telephone records. Since the first revelations, more and more details have come out about them.
We now know they have about 600 employees in the main NSA complex at Fort Meade, Maryland, with branches in Hawaii, Georgia, Texas, and Denver. They have sophisticated, unique abilities that are difficult to even dream up. One of those capabilities is QUANTUMSQUIRREL, which lets them appear on the internet from any IP address, anywhere. They've also compromised very common computer systems, often with physical access to the hardware or through cooperation with network equipment and hardware companies. They are reported to have pressured companies into inserting vulnerabilities into their own products for TAO to exploit.
Just about all the details of the organization are Orwellian. Take, for example, WARRIOR PRIDE. It's iPhone and Android software that can turn on a phone remotely, switch on the microphone and listen, track the device using geolocation, and protect itself with its own tamper-proofing and stealth features. That's just one capability we know about.