Hacktivist Groups Keymous+ and DieNet Drive 70% of Retaliatory Cyber Attacks
Cybersecurity researchers report that two hacktivist groups — Keymous+ and DieNet — drove nearly 70% of all retaliatory cyber attack activity in the final days of February, targeting government websites, financial institutions, and critical infrastructure across NATO-aligned countries.
Cybersecurity researchers have documented a significant surge in hacktivist activity during the final days of February 2026, with two groups — Keymous+ and DieNet — driving nearly 70% of all tracked retaliatory cyber attack activity between February 28 and March 2, targeting government websites, financial institutions, and critical infrastructure.
Attack Patterns
The attacks primarily consisted of distributed denial-of-service (DDoS) campaigns against government websites and financial institutions in NATO-aligned countries, combined with defacement attacks on vulnerable web applications and data theft from exposed databases. Keymous+ focused on European government targets, while DieNet concentrated on financial services and telecommunications infrastructure. The attacks were largely unsophisticated — volumetric DDoS and exploitation of known vulnerabilities — but their coordinated timing and volume created significant disruption.
Motivation and Attribution
Both groups publicly claimed their attacks were retaliatory in nature, motivated by geopolitical events including military operations in the Middle East and ongoing tensions over Western sanctions. The groups communicated primarily through Telegram channels, posting evidence of successful attacks and coordinating timing. While the groups present themselves as ideologically motivated hacktivists, researchers note that the distinction between hacktivist groups, state-sponsored proxies, and financially motivated criminals has become increasingly blurred, with some groups operating across all three categories simultaneously.
Defensive Implications
The surge highlights the growing role of hacktivist activity in geopolitical conflict, where cyber attacks serve as a form of asymmetric response to conventional military and diplomatic actions. Organizations in targeted sectors should ensure their DDoS mitigation services are configured and tested, verify that public-facing applications are patched against known vulnerabilities, and monitor for indicators of compromise associated with the groups' known tooling. The hacktivist threat is unlikely to diminish as long as geopolitical tensions persist.
Related Articles
Fedora 44 Beta Ships with GNOME 50, KDE Plasma 6.6, and Wayland-Only Default
Fedora Linux 44 Beta has arrived with simultaneous upgrades to GNOME 50 and KDE Plasma 6.6, dropping X11 sessions entirely in favor of a Wayland-only future. The release includes Linux kernel 6.19, GCC 16.1, Go 1.26, and a project-wide goal of 99% reproducible builds.
NVIDIA Open-Sources NemoClaw: Enterprise AI Agent Platform Debuts Ahead of GTC
NVIDIA has released NemoClaw as an open-source enterprise AI agent platform, offering a chip-agnostic framework for building, deploying, and managing autonomous AI agents at scale. The platform integrates with NeMo, Nemotron models, and NIM microservices, with launch partners including Salesforce, Cisco, Google, Adobe, and CrowdStrike.
Linux Kernel 7.0 Hits RC3 as Rust Support Officially Graduates to Stable
Linux 7.0-rc3 lands with a milestone for systems programming: Rust language support in the kernel is now officially stable after years of experimental status, plus early driver enablement for Intel Nova Lake and AMD Zen 6 hardware.