Hacktivist Group DieNet Claims DDoS Attacks against U.S. CNI

By: The Center for Internet Security® (CIS®) Countering Hybrid Threats (CHT) team

Published April 16, 2025

As noted in a ThreatWA™ Critical Trend Briefing, DieNet is a new hacktivist group that emerged on Telegram on March 7, 2025. At the time, it announced its intention to target "outlaw sites and corrupt government platforms" with Distributed Denial of Service (DDoS) attacks. Two days later, the group’s activity intensified following the arrest of Columbia University activist Mahmoud Khalil, an incident reported by the Associated Press and others. In the aftermath of Khalil's arrest, DieNet claimed numerous DDoS attacks against U.S. Critical National Infrastructure (CNI), including energy, financial, healthcare, government, transit, and communications infrastructure. Khalil’s arrest likely sparked heightened activity due to DieNet’s ideological motivations, which appear to be grounded in pro-Palestinian beliefs that oppose the 47th U.S. Presidential Administration.

While DDoS attacks can interrupt integral services, cause financial losses, and create public uncertainty, many of DieNet’s claimed DDoS operations targeted minor webpages and likely did not cause significant outages. But DieNet alleges its technical resources are growing.

This blog post will examine DieNet's ideology, review the DDoS attacks it has claimed against U.S. CNI, and share our outlook on future DieNet activity.

Unpacking DieNet's Ideology

Based on a review of the group’s Telegram activity, interactions with other hacktivist groups, and targets, DieNet appears to be an ideologically motivated hacktivist group espousing pro-Palestinian, anti-President Trump views. Several established pro-Palestinian hacktivist groups promoted DieNet, including two with pro-Russian sympathies. Additionally, DieNet posted Telegram statements addressed to President Trump in response to his Administration's foreign policy decisions, and it has claimed attacks against three webpages affiliated with the Trump name.

Promotion by Pro-Palestinian Hacktivist Groups

On March 7, 2025, three pro-Palestinian hacktivist groups promoted DieNet, indicating a possible alliance. These groups are as follows: Mr Hamza, LazaGrad Hack, and Sylhet Gang-SG.

  • Mr Hamza is a pro-Palestinian hacktivist group with ties to pro-Russian, pro-Iranian groups. The group primarily targets Western government agencies, critical infrastructure, and private companies, per Homeland Security Today.
  • LazaGrad Hack is a pro-Palestinian, pro-Russian hacktivist group.
  • Sylhet Gang-SG states it targets “allies of Zionist” entities.

Between March 7 and March 26, 2025, DieNet claimed DDoS attacks against an Israeli newspaper and university.

Anti-President Trump Statements Issued by DieNet

On March 16, 2025, likely in response to U.S. airstrikes against Houthi rebels in Yemen, DieNet issued a warning on its Telegram channel to President Trump.

“We have witnessed your crimes — your ruthless bombings, your endless violations, and your arrogance in thinking you are untouchable… Your systems are not secure. Your secrets are not safe. Your networks will not remain intact for long. The countdown has begun.”

Eight days later, the group claimed two DDoS attacks against the U.S. government in response to “aggression against Yemen and Palestine under Trump’s orders.” Between March 11 and March 26, 2025, DieNet claimed three DDoS attacks against webpages affiliated with the Trump name, according to Cyber Daily.

DieNet's Claimed Attacks Against U.S. CNI

DieNet has claimed numerous DDoS attacks against U.S. CNI, including organizations in the energy, healthcare, financial services, government services, transportation systems, and communications sectors. These attacks have not been independently confirmed or verified.

Energy

Between March 14 and March 26, 2025, DieNet claimed six DDoS attacks against the energy sector, including two attacks against the webpage of an electric provider and two attacks against the webpage of a regulatory power organization. DieNet also claimed an attack against the login page of a natural gas and electric company on the West Coast and an attack against a subdomain of a water utility company in the Midwest.

Healthcare

On March 24, 2025, DieNet claimed five DDoS attacks against the healthcare sector in response to a March 23, 2025, Israeli airstrike. DieNet claimed attacks against the webpages of three electronic health record companies in addition to the webpages of a Northeast hospital and a national emergency medical services (EMS) system.

Financial Services

Between March 12 and March 26, 2025, DieNet claimed nine DDoS attacks against the financial services sector. The group claimed two attacks against the webpage of a digital payment service provider and four attacks against financial institutions’ login pages. It also took responsibility for website outages at a brokerage firm and a banking association and payments company. Additionally, on March 24, 2025, the group stated it had attacked a U.S. cryptocurrency exchange to expose “the weaknesses in the security of your [American] important sites.”

Government Services

On March 24, 2025, DieNet claimed DDoS attacks against three federal government agency webpages.

Transportation Services

In the second half of March 2025, DieNet claimed three DDoS attacks against the transportation services sector. It took credit for attacks against two West Coast transit webpages and one Midwest transit webpage.

Communications

Between March 7 and March 26, 2025, DieNet claimed five DDoS attacks against the communications sector. DieNet took responsibility for DDoS attacks against two webpages and two subdomains affiliated with large social media networks. Additionally, it claimed an attack against the webpage of a Southern-based communications and network services provider.

Outlook on DieNet DDoS Activity Going Forward

Effective DDoS attacks can cause service interruptions, financial losses, and public confusion or panic, but many of DieNet’s claimed DDoS operations targeted minor subdomains and likely did not cause significant outages. However, DieNet’s attacks could become more impactful given the group’s assertions that its membership and botnet are expanding. For instance, on March 16, 2025, it stated on Telegram that “DieNet v2 has entered service.” Just five days later, the group claimed it had breached a database at a U.S. federal government agency and acquired employees’ personally identifiable information (PII). This breach has not been confirmed at the time of this writing. If verified, it would signify an evolution and escalation of DieNet’s Tactics, Techniques, and Procedures (TTPs).

Gain Actionable Insights into Cyber Threats like DieNet

To prepare for future DDoS attacks launched by DieNet, you need threat intelligence that gives you context and mitigation steps, not raw data. This is where ThreatWA comes in. It draws upon a network of law enforcement, cybersecurity, and physical security experts to provide subscribers with actionable insights into multidimensional threats that span across the cyber, physical, and information domains.
