Defending the weak, punishing the oppressors and intervening where it is possible against injustices, the collective of hacker activists Anonymous takes the stage by turning against Putin’s Russia. With a meager tweet, activists wearing the mask of the revolutionary Guy Fawkes announced that “The Anonymous collective is officially in cyber war with the Russian government” and subsequently “hacked” the site of the Rt news broadcaster and in the company of others groups, including the sites of the Kremlin, the Russian Government and Parliament, the GazProm company, along with many military domains (mil.ru, eng.mil.ru, fr.mil.ru, ar.mil.ru) as a retaliation against the attack on Ukraine.
The first message arrived on the evening of February 24:
Followed by another twitter from @YourAnonOne which instead claimed the take down of the Russian pro-Kremlin broadcaster Russia Today, considered responsible for spreading disinformation and propaganda.
The news was confirmed by the Ria Novosti news agency: “The cyberattacks have hit not only the Federation Council site, but also the Presidency site” and comes shortly after the appeal of a government contractor, Yegor Aushev, addressed to Ukrainian hackers: “Ukrainian cybercommunity! It’s time to participate in the cyber defense of our country”, with an invitation to apply to do so through Google Docs, listing their specialties, such as the development of malware and other professional references. Aushev, founder of cybersecurity firm Cyber Unit Technologies, told Reuters he wrote the post at the request of a senior defense ministry official who contacted him on Thursday.
A subsequent post from the activists says “Anonymous is currently involved in operations against the Russian Federation. Our operations target the government. It is inevitable that the private sector will also be affected. But put yourself in the shoes of the Ukrainians being bombed. Together we can change the world, we can resist anything. It is time for the Russian people to unite and say no to the war of Vladimir Putin ”.
In reality, the DoS attack against the Moscow broadcaster lasted a few hours and the other sites affected are also functioning regularly.
Who are Anonymous against Putin
As a decentralized collective, without hierarchy, without leadership or preconceived ideologies, hackers and activists who from time to time don the mask of Anonymous have attacked the websites of the Vatican, the United States government, the CIA, ISIS and the Church of Scientology, both for fun and for challenge, and to punish injustices, as in this case the authors of a war that could have been avoided.
But it may have been another group that made all Russian military sites unreachable, which are still out of the game. Is called GhostSec and it has been known at least since 2015 for the incursions against cybercaliphate, the ISIS cyber-unit, when, after breaking away from Anonymous, they began to deal with cyber-intelligence and anti-terrorism to then transform into GhostSecSecurity before disappearing.
Now, with the name of GhostSec only, they have restarted their activities and in their Telegram channel they have released at noon on February 25 a list of potential Russian targets to be hit and a large dataleak relating to a telecommunications company of the size of 17 MegaBytes. In the dataleak there are the names of Russian CEOs and managers as well as senior government officials, complete with emails and passwords which, however, date back to 2020.
“The accesses from the gov.ru and mil.ru domains that we have acquired by multiple means, from checking the previous dumps to the dump of some of the same sites included in this leak, are files from one of the telecommunications companies we had previously obtained.”
Even if they use the typical Anonymous jargon naming their actions #OpRussia, it is not possible to know if they are the same ones who were hunting ISIS affiliates by reporting them both to the social networks where they were recruiting and to the police of their countries.
Already during Anonymous’s vast and effective campaign against Isis and in particular against the Tunisian FallagaTeam affiliated with the Caliphate, several observers had noticed the similarities between the approach of GhostSec and another group, RedSec, to that of the American military. Both then intervened to protect and avenge US soldiers included with their families on the proscription lists of jihadists, so much so that Anonymous themselves believed they had links with American military contractors.
So faced with Biden’s warning to use American cyber resources in the face of a widening conflict, their intervention is already causing discussion in the activist underground.