An image of CERN Data Centre and server farm on April 19, 2017 in Meyrin, Switzerland.
(Dean Mouhtaropoulos/Getty Images)

Recent high-profile activity suggests the hacktivist threat is reemerging after being curtailed by law enforcement, and could grow over the decade to encompass a wider set of targets, perpetrators and tactics. While they span many ideologies, broadly speaking, hacktivists use cyberattacks to promote some sort of political agenda, often through the release of company data and/or users' personal information, distributed denial of service and/or website defacement tactics to raise awareness of their cause and draw negative attention toward their targets. While other cyber actors like criminals and state intelligence services also employ these tactics, hacktivists do not outwardly seek monetary gain or to acquire valuable strategic or economic information they can then exploit for their own benefit; instead, their primary objective is to give rise to negative media attention on their targets by releasing incriminating information or otherwise embarrassing them publicly. Anonymous, a decentralized hacktivist collective that first gained widespread attention in 2008 when it targeted the Church of Scientology, is probably the best known, but many smaller groups and individuals comprise the wider threatscape that has witnessed a recent revival in high-profile activity:

  • Anonymous announced Sept. 13 that it had stolen and leaked "a decade's worth of data" from the web hosting firm Epik, which is popular with far-right organizations. Anonymous said it targeted the company in retaliation for its helping enable these groups' online presence, and claimed that the stolen data could be used "to trace actual ownership and management of the fascist side of the Internet."
  • Since July, a group of Belarusian dissidents known as the Cyber Partisans has leaked troves of sensitive data, including documents and recordings of officials plotting violence against protesters, following a series of hacks against government databases that it says amount to the largest cyberattack in the country's history. The group formed in response to Belarus' August 2020 fraudulent presidential elections, and says it seeks to destabilize the government by publicizing incriminating information through its escalating cyberattacks.
  • A previously unknown anti-Iranian group known as Adalat Ali ("Ali's Justice") on Aug. 22 leaked videos showing abuses at Tehran's notorious Evin prison. Their release followed separate cyberattacks over the summer that have been attributed to other anti-government hacktivist groups, including one targeting Iran's national railway system that disrupted travel and left a taunting note on electronic boards at train stations with the phone number of the office of Iran's supreme leader.

While a baseline level of hacktivism has persisted, high-profile attacks largely faded from public view under law enforcement pressure in the early 2010s. Hacktivism first emerged in the 1990s in parallel with the development and spread of personal computers and the internet, but did not reach its apex until approximately 2008-2012. At the time, Anonymous and a series of smaller groups — helped by sites like WikiLeaks that served as an online publishing forum for stolen information — carried out a series of high-profile attacks. But with worldwide media attention also came intense law enforcement scrutiny, leading to the disruption of many groups either through arrests or internal dissolution.

  • Following a series of major cyberattacks against diverse targets ranging from multiple governments accused of human rights abuses to companies seen as cooperating too closely with state authorities, by the mid-2010s Anonymous had significantly curtailed its activities amid global law enforcement pressure. Although some members conducted periodic campaigns in response to discrete events, they never approached prior levels of activity as police made scores of arrests that drove many members underground.
  • After a spree of high-profile cyberattacks between May and June 2011 against various corporate and government targets it claimed were violating individuals' freedom, the group known as LulzSec, which had split from Anonymous, disbanded. While it claims law enforcement pressure was not the reason, at the time of its dissolution police were already executing search warrants and in 2012 arrested the group's leader, who then became an informant in a sting operation that led to the arrests of many of the group's members.
  • WikiLeaks and similar sites also came under great scrutiny as law enforcement sought to take down their digital infrastructure and arrest their members. In a move that coincided with a slowdown in its activities, WikiLeaks' founder Julian Assange took refuge in the Ecuadorian Embassy in London in 2012 to avoid extradition to Sweden on sexual misconduct charges that likely eventually would have sent him to the United States to face charges related to publishing classified information. WikiLeaks also suffered major blows to its reputation after repeated allegations of collusion with Russian authorities, particularly surrounding its role during the 2016 U.S. election in publishing hacked emails.

Hacktivism is resurging amid global social unrest as hackers believe they have a less risky, asymmetric and more impactful way to confront more powerful targets. Days after the May 25, 2020, murder of George Floyd, Anonymous posted an online video intimating an imminent revival in its U.S. activities in response to massive national attention on social justice issues, sparking a renewed wave of attention. Since then, it has kept a high pace of cyber activity in support of various causes — ranging from retaliating for police brutality to exposing right-wing extremism — and has leveraged its deliberately decentralized model that enables geographically disconnected individuals to collaborate, thereby making it easier for them to operate in ways they could not in person and harder to disrupt their efforts. While Anonymous has been the most high-profile actor to demonstrate these attributes, other hacktivists have also taken advantage of them:

  • Unlike taking to the streets in protests that could result in arrest, injury or worse — and which may not have any impact or even harm the cause — hacktivism provides a less dangerous and often more agile means to asymmetrically target stronger adversaries. Many of the members of the Cyber Partisans operate outside of Belarus, which greatly reduces the government's ability to identify and combat them compared to its crackdown on domestic dissent.
  • Particularly when targeting governments, using digital means can enable a single individual or small group to have an outsized impact that circumvents authorities' much greater real-world repressive capabilities. Following the Feb. 1 Myanmar coup, activists under siege in the country asked the hacktivist known as "Donk Enby" for help, leading the leaker to release files that spurred tech companies to remove coup leaders from their platforms and governments to impose sanctions on newly identified military-linked firms.
  • Contrary to riskier in-person activities that still may not achieve their desired goal, hacktivists exploit the growing reliance on storing valuable data digitally. Following the Jan. 6 Capitol riot, individual hacktivists, including Donk Enby, leaked a massive amount of user data from multiple right-wing tech platforms that the co-founder of DDoSecrets — a successor to WikiLeaks that hosts much of the leaked information — called a gold mine for identifying rioters, supporting prosecutions and mapping the extremist online community.

Over the decade, hacktivists may take advantage of cyber trends and the diffusion of protest movements to broaden their efforts to include more diverse targets, perpetrators and tactics. Doing so, however, would likely raise reputational costs that generate blowback and erode popular sympathy in some quarters, risk internal divisions that weaken their movement, and invite heightened external pressure that disrupts their activities. Drawing on the growing reliance on networks to store sensitive data, the rising prominence of cybercriminals and their tactics and the spread of broad protest movements that span continents, more militant hacktivists could escalate their activities in ways that could generate more attention and possibly effect greater change, but also entail trade-offs.

  • In the most likely scenario, hacktivists will probably harness growing global grievances against a variety of industries — such as energy, finance and big tech — to target firms in these sectors. Doing so would likely garner at least some popular support, though there still may be some disagreements among hacktivists over the most important companies to target and those firms may use their capabilities to fight back.
  • Some hacktivists may partner with various cybercriminals, whose capabilities continue to receive significant media attention, to go after common targets in which the criminals derive monetary benefit and the hacktivists generate attention to their cause. But doing so would also undermine hacktivists' professed claims to benevolence, likely generating pushback within the hacktivist community and triggering law enforcement blowback.
  • More aggressive hacktivists seeking to exert greater pressure on their targets could also expand their tactics beyond typical hack-and-leak operations to wider disruptions, such as via ransomware attacks that paralyze digital networks or even more escalatory cyberattacks that cause real-world disruptions. But such moves would inevitably tarnish hacktivists' reputations, split the broader community and — especially if they produce destructive real-world consequences — catalyze government pressure that could move beyond law enforcement to include intelligence or even paramilitary responses.