Since declaring cyberwar on Russia through the #OpRussia campaign, the hacktivist group Anonymous has been busy. It has been three weeks since the Anonymous collective tweeted their declaration of war, and in that time the decentralized group has been a mainstay of news headlines.
Since Russia invaded Ukraine the Anonymous twitter account, @YourAnonNews has gained close to 500,000 followers. In the hybrid war format where both acts of kinetic war and cyber war have been documented many hacker groups have claimed responsibility for attacks targeting Russian infrastructure. The Anonymous collective is one of the most prominent independent actors engaging in the cyber offensive.
Dating back to 26 February 2022, Anonymous claimed responsibility for an attack targeting Russian State TV channels by broadcasting actions carried out by Russian military forces in Ukraine and the resulting destruction of Ukrainian cities. This attack was quickly followed up by an attack targeting Electronic Vehicle charging stations in Moscow, which were reconfigured to display the message “Glory to Ukraine.” Another attack that Anonymous claimed involved taking control of a Linux terminal and a gas control system in Nogir, North Ossetia. Anonymous actors claimed that the attackers changed the dates on the terminal and could have increased the gas pressure at the control system to a degree that would turn the site into fireworks.
Chechen leader Ramzan Kadyrov, who supported Vladimir Putin by deploying Chechen forces to Ukraine has also found that the Chechen Republic has been targeted by the hacking group Anonymous. Anonymous actors have claimed to be responsible for taking down the Chechen Government Website in late February.
As Anonymous’ hacking campaign continued it seemed clear that their mission was to simultaneously inform the Russian Public of the ongoing events in Ukraine and to cause roadblocks for the Russian Government by interrupting communications. Targets continued to include Government websites as well as other media platforms. The collective defaced the Russian Space Research Institute on 4 March and claimed to have stolen data from the Russian space agency Roscosmos, posting download links on Twitter. Anonymous also claimed responsibility for attacks on Russian-state television channels including Russia 24, Moscow 24, and Channel One, in addition to streaming services, Ivi and Wink. In the attacks occurring on the evening of 6 March, Anonymous broadcasted footage of the war in Ukraine to raise awareness among the Russian public about the events that were occurring.[1]
The group remained active targeting Roskomnadzor, which acts as the Russian Federal Service for Supervision of Communications, Information Technology, and Mass Media. On 10 March 2022, Anonymous claimed to have stolen 360,000 files totaling approximately 820 Gigabytes of information. The attack was announced by Emma Best of DDoSecrets and the dataset is available on the DDoSecrets website Much of the information obtained in the attack deal with Bashkortostan, a province within Russia. Roskomnadzor is a key player in the dissemination of information within Russia and has recently tasked with blocking social media platforms including Facebook and Twitter. Since 4 March 2022 Russia has been cracking down on information sharing, particularly when the information contradicts the Russian government by arresting individuals who voice opposing opinions online with a maximum sentence of 15 years in prison. [2]
Anonymous has also targeted organizations outside of Russian borders including Rosneft Deutschland, a German branch of the Russian Oil Company Rosnseft. The group claims to have captured 20 terabytes of data from the company in a statement made on Friday, 11 March. Rosneft Deutschland responded by taking systems offline while their pipelines and refineries continue normal operations. Anonymous claimed that they did not want to target Russian energy companies directly as there are states sanctioning Russia, but still rely on Russian energy.
Distributed Denial of Service (DDoS) attacks continue to be a tactic used by intendent attackers targeting Russia and Ukraine during the conflict. The Anonymous group has claimed to have hit a number of Russian websites with DDoS attacks including the Federal Security Service (FSB) which is the principal security agency of Russia, the Russian Stock Exchange, Analytical Center for Government of the Russian Federations, and the Ministry of Sprot for the Russian Federation. These attacks took place on 15 March 2022 and were accompanied by tweets from @YourAnonNews showing the target domains and their service status.
Over 400 surveillance cameras have been hacked and defaced with messages against President Putin’s actions in Ukraine. The messages on the cameras read, “Putin is killing children; 352 Ukraine civilians dead; Russians lied to 200RF.com; Slava Ukraini! Hacked by Anonymous.” It comes as no surprise that Anonymous has claimed responsibility for this attack.
Squad303, a newly formed independent collective formed of Anonymous-associated programmers took part in an SMS campaign, sending out close to 7 million text messages to Russian Citizens urging them to act in protest against Russian attacks on Ukraine. The campaign was reported in a tweet by @squad303 and includes individuals sending messages to randomly selected Russian citizens.[3]
Based on claims by the Anonymous group and further analysis by Jeremiah Fowler of Security Discovery it is highly likely that the Anonymous collective is responsible for hacking Russian databases belonging to retailers, Internet Service Providers, and intergovernmental websites including the Commonwealth of Independent States (CIS). Files from these databases were erased and folders were renamed to “putin_stop_this_war” Researchers believe that hackers had access to more than 270,000 email addresses, names, and addresses, however it is unknown if the attackers exfiltrated the information or what they would plan to do with the information if it was collected.[4] Of 100 Russian databases analyzed 92 had been compromised.
The attacks continue as news broke on 21 March 2022 that Anonymous has hacked printers across Russia. The group used the devices to print out Anti-propaganda messages and instructions on how to install The Onion Router (TOR) browser. Based on a tweet, the group claims that in 2 hours 15 people have printed out over 100,000 copies of the printout.
As the group continues its antiwar efforts it has been met with criticism and opposition. It is difficult to verify the claims of independent hacking groups involving themselves in the cyber conflict between Russia and Ukraine, however a pro-Russian group claimed to shut down Anonymous’ website, to which @YourAnonNews responded with the following tweet. Independent hackers should be reminded that their actions are likely illegal, and they could be targeted in retaliatory attacks.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516
[1] https://www.hackread.com/anonymous-hack-russia-tv-streaming-service-ukraine-war/?web_view=true
[2] https://www.hackread.com/anonymous-hacks-roskomnadzor-russia-agency/?web_view=true
[3] https://www.hackread.com/anonymous-sent-texts-to-russians-hacked-security-cams/
[4] https://www.cnbc.com/2022/03/16/what-has-anonymous-done-to-russia-here-are-the-results-.html
Comments