Hashtags are fast emerging as coordination tools and digital identifiers for global hacktivist campaigns, with distributed denial of service (DDoS) attacks dominating the cyber threat landscape in 2025, cybersecurity company Kaspersky says in a new report.

The study, titled “Signal in the Noise,” analyses the activity of over 120 hacktivist groups and more than 11,000 posts shared across surface and dark web channels this year. It reveals that hacktivist operations are increasingly global, extending beyond conflict zones to include victims in Europe, the Americas, Asia, and Africa — a trend that signals growing risks for governments and businesses in emerging digital economies such as Nigeria’s.

Kaspersky said in a statement made available to Technology Times that over 2,000 unique hashtags have been tracked in 2025, with 1,484 appearing for the first time. These tags, which often serve as markers of unity, operational codes, and claims of responsibility, show how hacktivists now use social media-style tactics to mobilise and publicise their actions. While many hashtags fade within two months, some persist longer when amplified through inter-group alliances.

The report finds that DDoS attacks remain the preferred weapon of choice for hacktivist groups, accounting for 61% of all reported incidents. In addition, 90% of malicious outbound links shared by hacktivists directed users to third-party tools that verify downtime — a tactic used to demonstrate successful attacks.

“Hacktivist groups thrive on visibility rather than stealth, unlike typical cybercriminals. However, their craving for publicity can ultimately be turned against them,” Kseniya Kudasheva, Digital Footprint Analyst at Kaspersky says. “By continuously monitoring hacktivist groups, businesses and governments can gain early insights into where attacks may be directed next. That’s why it’s crucial for organisations to leverage tools like Kaspersky Digital Footprint Intelligence – to transform these signals into actionable threat insights,” she adds.

The report finds that DDoS attacks remain the preferred weapon of choice for hacktivist groups, accounting for 61% of all reported incidents. In addition, 90% of malicious outbound links shared by hacktivists directed users to third-party tools that verify downtime — a tactic used to demonstrate successful attacks.

Kaspersky researchers note that once hacktivists announce their intention to target an organisation, attacks typically follow within days or weeks, creating short threat windows that demand rapid detection and response. These campaigns, they add, are often collaborative, with alliances among groups creating momentum and spawning new hashtags symbolising joint operations.

For African organisations and public institutions expanding their digital infrastructure, the report serves as a timely warning. Kaspersky urges them to invest in stronger cyber resilience measures, including:

• Prioritising DDoS mitigation with scalable defences and regularly tested incident response plans.
• Investing in continuous monitoring of surface and dark web ecosystems to detect threat announcements early.
• Treating hacktivist threats as immediate, short-term warnings that require fast and coordinated action.
• Recognising global exposure, as hacktivist activity seeks visibility rather than regional boundaries.

With the expansion of digital economies across Africa, analysts warn that hacktivist operations may increasingly target government portals, critical infrastructure, and online services as part of attention-driven campaigns.

As Kaspersky’s findings show, the hashtag is no longer just a social media symbol — it has evolved into a weapon in the growing playbook of digital activism and cyber disruption.