The shadowy hacker group waging a cyber war against Russia

The Twitter account 'Anonymous' has claimed responsibility for disabling Russian government, news and corporate websites and leaking data from critical institutions

Update: 2022-03-17 01:00 GMT

Shortly after Moscow’s invasion of Ukraine, a shadowy group of hackers announced it was launching a cyber war against Vladimir Putin-led Russia.

When ‘Anonymous’ announced on Twitter that it was going to “paralyse” the Russian regime and its various arms, it had more than 7.9 million followers. Since then it has gained more than half-a-million new followers.

Anonymous is a decentralised international activist-and-hacktivist collective. The movement is primarily known for its various cyberattacks against several governments, institutions and agencies, and corporations.

Since the start of its anti-Russia push, Anonymous has claimed responsibility for disabling prominent Russian government, news and corporate websites and leaking data from entities such as Roskomnadzor, the federal agency responsible for censoring the media.

Also see: Full Coverage of the War in Ukraine

But is any of that true?

Jeremiah Fowler is a co-founder of the cybersecurity company Security Discovery. He worked with researchers at Website Planet to attempt to verify the group’s claims. 

“Anonymous has proven to be a very capable group that has penetrated some high value targets, records and databases in the Russian Federation,” he wrote in a report summarising the findings.

Compromised databases

In a random sampling of 100 Russian databases, researchers found that 92 had been compromised, according to Fowler.

Those targeted included internet providers and intergovernmental websites, including the Commonwealth of Independent States, or CIS, which was established at the end of 1991, after the fall of the Soviet Union, and includes Russia and 11 other republics.

Many CIS files were erased, hundreds of folders were renamed to “putin_stop_this_war” and email addresses and administrative credentials were exposed, said Fowler.

Another hacked database contained more than 270,000 names and email IDs.

“We know for a fact that hackers found and probably accessed these systems,” said Fowler. “We do not know if data was downloaded or what the hackers plan to do with this information.”

Other databases contained security information, internal passwords and a “very large number” of secret keys, which unlock encrypted data, said Fowler. He added that he followed Anonymous’ claims “and the timeline matches perfect”.

TV stations hacked

A Twitter account named @YourAnonNews has also claimed to have hacked into Russian TV stations.

“I would mark that as true if I were a factchecker,” said Fowler. “My partner at Security Discovery, Bob Diachenko, actually captured a state news live feed from a website and filmed the screen, so we were able to validate that they had hacked at least one live feed (with) a pro-Ukrainian message in Russian.”

The account has also claimed to have disrupted websites of major Russian organisations and media agencies, such as the energy giant Gazprom and state-sponsored news agency RT.

“Many of these agencies have admitted that they were attacked,” said Fowler.

In it for the glory

Although Anonymous’ claims mostly check out, that is not the case with other hacktivist groups.

In recent weeks, a pro-Ukrainian group claimed it breached a Russian nuclear reactor, and a pro-Russian group said it shut down Anonymous’ website. The cybersecurity company Check Point Software Technologies concluded both claims were false.

“As there is no real official Anonymous website, this attack…appears to be more of a morale booster for the pro-Russian side, and a publicity event,” said Lotem Finkelstein, head of threat intelligence and research at CPR. The fact did not go unnoticed by Anonymous affiliates, who mocked the claim on social media.

Groups are making fake claims by posting old or publicly available information to gain popularity, said Finkelstein.

Fowler said he feels Anonymous is dedicated more to the “cause” than to notoriety. “In what I saw in these databases, it was more about the messaging than saying, ‘Hey, you know, Anonymous troop No. 21, group five, did this,’” he said. “It was more about the end result.”

Tags:    

Similar News