Written by Joseph Regan & Ivan Belcic
Published on January 2, 2022

There are countless cybercriminals on the web, though only a few elites have earned the right to call themselves the most dangerous hackers in the world. But the best hackers in the world are the ones who never get caught. So the hackers on this list either wanted the world to know what they did, or made a critical mistake that left them exposed.

This article contains :

    Hacking is the practice — or art — of manipulating computer systems to get a desired result. While several of the top hackers featured in this article used their skills for good, others are cybercriminals who stole millions of dollars and caused other damage.

    The most famous hackers in the world

    The people in this list have all made waves in recent years due to their cybercrime exploits. What’s more, they’ve all done it alone — we’ll cover hacking groups later in this article. From a Twitter hacker who swindled people out of their bitcoins to the creator of the most infamous botnet of all time, here are the most dangerous hackers in the world.

    Elliott Gunton

    At the young age of 16, Elliott Gunton was caught hacking telecommunications firm TalkTalk. Since then, he’s been accused of a range of crimes in the UK: data theft, forgery, laundering money with cryptocurrency, working as a criminal-for-hire, hacking and selling access to famous Instagram accounts, and more.

    In the US, he was indicted for identity theft and hijacking EtherDelta, a currency exchange site, and defrauding people out of millions of dollars over nearly two weeks. Authorities claim that he’s managed to swipe up to $800,000 from just one of the many people he’s tricked.

    After pleading guilty in the UK, Gunton spent 20 months in prison (a relatively steep sentence, by UK standards) and was fined over £400,000. Gunton’s charges in the US are still ongoing, as authorities are currently seeking testimony from his alleged victims.

    In the end, Elliot Gunton isn’t the most dangerous hacker in the world, but the sheer breadth of his cybercrimes certainly merits inclusion in this list of the most famous hackers.

    Evgeniy Mikhailovich Bogachev

    It’s very rare that a cybercriminal of Bogachev’s skill is ever identified, but then, malware of the magnitude and destruction of the Gameover ZeuS botnet is rare as well.

    Bogachev’s botnet reached millions of computers around the globe, infected them with ransomware, and stole all the data they had stored on their systems. Not only did this result in over $100 million in damages, it also earned Bogachev the attention of the Russian government, who may have tapped into his network for espionage purposes.

    The FBI and other international crime organizations took two years just to identify Bogachev, and they’re offering three million dollars — the biggest bounty ever posted on a cybercriminal — to anyone who can help bring him to justice. Bogachev now lives openly in southern Russia with a number of luxury cars and his own private yacht.

    The Russian government has never admitted to working with him. These days, Bogachev operates under usernames including slavik, lucky12345, and pollingsoon. With one of the most destructive bits of malware under his belt, it’s no surprise Bogachev is counted among the best hackers in the world.

    Graham Ivan Clark

    Does it seem odd that Barack Obama, Bill Gates, Kanye West, and Elon Musk would ask you for bitcoin on Twitter? If so, you likely avoided falling for Graham Ivan Clark’s massive Twitter hack that blew up in the summer of 2020 and made the young Clark one of the most famous hackers in the word.

    The 17-year-old Clark and his accomplices hacked the social media giant — using an internal Twitter tool — and took control of numerous high-profile accounts in a wide-ranging Bitcoin scam. The hackers used compromised accounts to tweet a message promising $2,000 in bitcoin to anyone sending them $1,000 in the same cryptocurrency.

    Of course, the Bitcoin wallet included in the tweet was controlled by the hackers. This people hacking attack ultimately defrauded victims of over $100,000. Clark pleaded out to a three-year prison sentence in 2021, avoiding a minimum sentence of 10 years had he been tried as an adult.

    What is People Hacking?

    People hacking is a type of cybercrime that involves manipulating victims on a large scale. People hacking attacks use social engineering tricks over the internet to reach large numbers of victims and fool them into falling for the attack.

    By impersonating celebrities on Twitter and dangling the promise of easy money, Clark and his accomplices used people hacking to great effect.

    People hacking attacks use social engineering tactics to fool large numbers of people.By using social engineering tactics, people hacking attacks can fool large numbers of victims.

    Alexsey Belan

    Well before the hacks that put him in the public eye, Alexsey Belan was famous in hacker circles as M4G. On top of hacking video game servers, an Israel-based cloud computing supplier, and ICQ websites, Alexsey began working as a consultant for other hackers and selling people’s private data online.

    By 2011, Belan was considered one of the world's most dangerous hackers by law enforcement, and by 2012, he was officially wanted for his crimes. From 2013 through 2016, Belan hacked and stole data from 700 million accounts: 500 million from Yahoo, and 200 million from other sources, allegedly at the behest of Russia’s FSB.

    As one of the most famous hackers, Belan’s current whereabouts are unknown, though he was last known to be living in Russia. Karim Baratov, one of Belan’s alleged accomplices, was extradited to the US and sentenced to five years imprisonment with a $2.25 million fine.

    Should one of your accounts get compromised in a hack, AVG BreachGuard can help you keep your data safe. Get instant alerts and personalized security advice to protect your accounts in the wake of a data breach.

    Aaron Swartz

    Content warning: The following paragraphs discuss suicide, which some readers may find distressing.

    The late Aaron Swartz is widely considered one of the best and most famous hackers of all time. Not a financially motivated cybercriminal but an internet activist, or hacktivist, Swartz applied his formidable skills toward transforming the internet into a free and open platform for information exchange.

    Swartz was instrumental in establishing the RSS feed, the Creative Commons program, social media site Reddit, and various other internet-based initiatives. But it was his hack of MIT’s network, in which he downloaded thousands of articles from the closed academic resource platform JSTOR, that finally made him a target of the US government.

    The federal authorities in the US were determined to make an example out of the outspoken young activist. After two years of ceaseless legal battles and facing up to 35 years in prison, Swartz tragically took his own life on January 11, 2013 at the age of 26.

    If you or anyone you know may be considering suicide or self-harm, call your country’s suicide hotline immediately.

    What is hacktivism?

    Hacktivism refers to using hacking to advance a social or political agenda. The difference between hacktivism vs hacking lies in the hacker’s motivations. Hackers are generally cybercriminals in search of money or private data, while hacktivists have loftier goals or want to fight for a cause.

    Hacktivists have been known to fight for freedom of information, net neutrality, and human rights. But they still apply hacking tools and methods, and hacktivism can be legally murky.


    The attack on the US Capitol on January 6, 2021 by supporters of former US President Donald Trump sent shockwaves throughout the country and resulted in the deaths of five people. But it was thanks to the efforts of one hacker that footage of the event became widely available.

    Known as donk_enby, she dove into the right-wing social networking platform Parler to salvage over 56 terabytes of public data — including firsthand footage from the attack and user information — before Parler was shut down.

    donk_enby’s goal was to create a permanent repository of data relating to the attack to aid investigators. It’s important to mention that by scraping publicly available data, donk_enby did not compromise Parler’s security and acted completely within the boundaries of the law.

    By acting quickly and working tirelessly to preserve this data before Parler was taken down, donk_enby certainly merits inclusion in this list of the most famous hackers in the world.

    Extra: Mohammed bin Salman

    Mohammed bin Salman is known less as one of the best hackers in the world and more as the current crown prince of Saudi Arabia. He’s not known as a hacker at all — but he is known as the person who is said to have fooled Jeff Bezos with a phishing video.

    The Saudi prince allegedly arranged for Bezos to be sent a phishing message in May 2018 via bin Salman’s account on the secure messaging app WhatsApp. Shortly after Bezos opened the message, which contained a video file, his phone began exporting staggering amounts of data.

    Reportedly among the leaked documents were photographs of the then-married Bezos and his girlfriend. Bezos’s experience is a good reminder of why you should never open attachments you aren’t expecting to receive — even if they’re from royalty, and especially if you’re the wealthiest person in the world.

    AVG AntiVirus FREE includes built-in phishing detection to protect you against malicious email attachments and downloads. It’s just one of the many ways our award-winning antivirus tool can protect your data against hackers.

    The most infamous hacker groups

    Not all hackers act alone. Some of the most devastating hacks in history have been pulled off by coordinated hacking groups, many of which are allegedly state-sponsored. Working covertly with hacking groups lets governments engage in cyberwarfare while maintaining a veneer of plausible deniability.

    The Equation Group & the Shadow Brokers

    The Equation Group is the informal name of the Tailored Access Operations (TAO) unit of the US’s National Security Agency (NSA). Founded around 2001, the hacking group started as a closely held state secret. The hacker group was “discovered” in 2015, with two types of spying malware — EquationDrug and GrayFish — linked to the organization.

    The Equation Group also hoarded known vulnerabilities to maintain exploits for their hacks. It’s thought they were behind Stuxnet, the computer worm that disrupted Iran’s nuclear program. By government standards, this was all relatively mundane — until the Shadow Brokers came along in August of 2016.

    Under the Twitter handle @shadowbrokerss, the hacking group announced an auction for a number of tools used by the Equation Group. Among these tools were EternalBlue, EternalRomance, and other exploits that facilitated some of the most dangerous malware attacks of 2017, including the infamous Wannacry and NotPetya ransomware attacks.

    The Shadow Brokers appeared to have unrestricted access to the NSA. Over the coming months, they went on to reveal a list of servers and tools used by the Equation Group, and offered a “data dump of the month” to anyone willing to pay the fees. Since then, the Shadow Brokers have gone silent, with their identities and origins still unknown.

    Bureau 121

    Bureau 121, North Korea’s internal hacking group, has been linked to several of the most dangerous malware events of the past decade. The first and perhaps most famous was the Wannacry ransomware attack, for which the US sanctioned North Korea in 2019. Wannacry infected around 300,000 devices and caused four billion dollars in damages.

    Screenshot of the Wana decryptor ransomware note on an infected computer.Screenshot of the Wana decryptor ransomware note. Source: Wikimedia Commons.

    In 2014, Bureau 121 hacked Sony Pictures in response to the Seth Rogen comedy film The Interview. The attack leaked countless personal emails and details, and Sony spent around fifteen million dollars repairing the damage.

    Stuffed in crowded, often overheated apartments with heavy security and limited freedom, the average North Korean hacker is expected to bring in, then hand over, between $60,000 and $100,000 per year. While the members of Bureau 121 may be among the world’s best hackers, their lives are far from glamorous.

    Fancy Bear

    Often operating under other names, Fancy Bear is a hacking group linked to the Russian government. While Fancy Bear isn’t responsible for all of Russia’s online espionage, they’re the country’s most dangerous hacking group and have been responsible for some of the most high-profile hacks of the decade.

    Since hacking the Georgian government in 2008 to prepare for a Russian invasion, Fancy Bear has threatened anti-Kremlin journalists and protesters, hacked the German parliament, made death threats to the wives of US army personnel, shut down 20% of Ukraine’s artillery, leaked emails from the Democratic National Convention, and targeted the Biden campaign.

    Evidence of Fancy Bear’s election tampering has also been discovered in Germany, France, and Ukraine. But despite being one of the most disruptive hacking groups in the world, Fancy Bear rarely takes credit for their work — often operating under the aliases of Anonymous or ISIS.

    Moscow has denied any connection to the hacker group. Regardless, Fancy Bear doesn’t seem to be going away anytime soon.


    Emerging in 2020 with a devastating wave of ransomware attacks, the DarkSide group and their eponymous ransomware-as-a-service (RaaS) have quickly gained fame as one of the world’s most dangerous hacking groups. But it was their 2021 attack on Colonial Pipeline in the US that made them a household name in cybersecurity.

    The attack resulted in a partial shutdown of the network responsible for 45% of the gasoline supply in the East Coast of the US, triggering widespread gasoline panic-buying across the region. 

    The DarkSide hacker group presents itself as a “trustworthy” ransomware attacker, targeting high-profile corporations, delivering decryption codes upon payment, and even creating a polished website of resources for journalists. Regardless, if you’re targeted by ransomware, don’t pay the ransom — the money will be used to fund additional attacks.

    You can protect your devices against ransomware by always using updated software, since many types of ransomware exploit security holes in outdated operating systems. A reliable ransomware protection tool will take your defenses a considerable step further.

    AVG AntiVirus has built-in ransomware protection to keep your important files secure.AVG AntiVirus features built-in ransomware protection.

    Unit 8200

    The pseudo-clandestine cyberintellegence branch of the Israeli government, Unit 8200 is a hacking group with a proven track record in public service and counter-terrorism activity. They’re also responsible for some of the most terrifyingly efficient types of malware ever produced, as well as mass spying and exploitation of governments and civilians alike.

    Unit 8200 helped develop the Stuxnet worm and created the Duqu 2.0 spyware, using it to covertly infect cybersecurity provider Kaspersky Labs for months. According to the New York Times, this attack is what ultimately uncovered the alleged link between Kaspersky and the Russian government. Duqu 2.0 was also used to infect hotels in Austria and Switzerland hosting international negotiations with Iran in 2015.

    PLA Unit 61398

    Until recently, China had categorically denied being involved in cybercrime or even having a hacker group operate to their benefit. But in 2015, China openly admitted it had a cyberdefense team, and they’ve since been linked to several notable events.

    The hacking group’s Operation Shady RAT is one of the largest state-sponsored online attacks ever executed. From 2006 to 2011, PLA Unit 61398 infiltrated and stole data from over 70 companies, governments, and nonprofit organizations around the world. High-profile data theft makes up the bulk of PLA Unit 61398’s activities. 

    In 2014, they were blamed for the theft of countless sensitive documents on Israel's missile defense system, known as the Iron Dome. Unit 61398 started hacking US companies again after a brief hiatus, and they were recently linked to tech giant Huawei. The sizable hacking group is estimated to use over 1,000 servers.


    Many independent hacking groups fall apart as quickly as they emerge — which makes Machete’s decade-plus career almost miraculous. And like any good and long-lived hacking group, Machete is completely shrouded in mystery.

    Discovered in 2014, Machete has maintained a focus on the Venezuelan military, though it has also targeted victims in Ecuador, Colombia, and Nicaragua. Machete’s hand-crafted phishing emails have been used to great effect in the theft of sensitive military data such as navigation routes and grid positioning.

    With every new data theft, Machete incorporates new information into subsequent phishing attacks in a cycle of continual heists and technique refinement.

    Defend against data theft with AVG BreachGuard

    As we’ve seen, many of the large-scale hacks in this list are focused on data theft, often targeting large companies. If your account gets compromised in a data breach, your personal information may be at risk.

    AVG BreachGuard is your ally in the fight against data theft. Get alerts if any of your accounts are targeted in a breach, and learn how to respond to protect your data before anyone can take advantage of it.

    Connect privately on your Android with AVG Secure VPN

    Free trial

    Connect privately on your iPhone with AVG Secure VPN

    Free trial
    Joseph Regan & Ivan Belcic