Anonymous stated a a large-scale cyber war against Russia after the invasion of Ukraine. Since Russia has one of the largest cyber armies on the planet and its intelligence agencies maintain some of the most capable outside groups in the network of networks, a cyber security specialist (an American who worked in Kiev for the past 10 years until he fled to Poland in February) investigated whether Hacktivists Anonymous is achieving its goals. And how they do it.

Russia’s invasion of Ukraine continues, albeit with less and less attention in the news. As usual… The invasion left thousands dead and wounded, millions of internally displaced persons in Ukraine and the biggest refugee crisis in Europe since World War II. Not to mention the economic ramifications that have spread across the planet, galloping inflation that is making us poorer every month, and a recession on the horizon when we should be done with the effects of the coronavirus pandemic at this point in the year. COVID.

When the invasion began in February, we did a modest situational analysis because the war in Ukraine is also being fought in cyberspace. If Russia shows itself sufficiently in the physical world «unable to achieve their goals« According to all international analyses, Russia has offensive and defensive elements in the world of cyberspace, which are listed among the planetary elite.

According to a Microsoft report by Russian security services prepared in advance for a military invasion and are likely to have attempted or already accessed Ukrainian information and technology systems, including energy providers and other critical services. In fact, cyber-attacks (DDoS, hacked websites, Wiper malware that deleted data and programs) against critical infrastructures, government agencies and financial entities were already registered in Ukraine, Lithuania and Latvia before the invasion. Certainly, these attacks have continued from Russian agencies and groups sponsored by the Putin government.

Anonymous takes action

It is a pseudonym used by a cyberactivism and hacktivism group that has been operating since 2003. Known for its cyberattacks on governments of all kinds, corporations, sects, copyright companies, etc., many people saw Anonymous as cybervandals. Anonymous has made a lot of threats and done some successful hacks, but they haven’t done any truly world-shattering attacks.

When the invasion of Ukraine began, Anonymous declared cyberwar on Russia, and the tone of media and public opinion about the group’s actions shifted toward a “digital Robin Hood” reputation. The group has won support for its actions in defending the smaller Ukraine against the larger, more cyber-capable Russia.

Security specialist and co-founder of Security Discovery, Jeremiah Fowler, worked in Ukraine for 10 years and together with the Website Planet team monitored the actions of Anonymous in Russia. Before publishing large data dumps of hacked logs analyzed 100 Russian databases and he found out 92% of them were compromised with pro-Ukrainian messages or removed entirely.

The methods Anonymous used against Russia were not only highly disruptive and effectivebut -according to the researcher- “They also rewrote the rules of how modern cooperative cyber warfare is conducted”. In addition to hacking and releasing Russian data, the group also offered Ukraine cybersecurity assistance, such as penetration testing and finding vulnerabilities before Russia could exploit them.

Anonymous also offered free training for new recruits about denial of service attacks and other hacktivist methods. This allows anyone with a computer and an internet connection, regardless of their technical skills, to engage in cyber warfare. The initial call for a “fight” posted on Twitter turned into a larger operation that spanned the Russian government, businesses and organizations and included an information campaign targeting Russian citizens.

What has Anonymous achieved so far and how?

Some of the techniques used by Anonymous in the conflict are:

database hacking. The group claims to have hacked into more than 2,500 Russian and Belarusian websites and obtained massive amounts of data that they say will take months to analyze. They have already published leaked information on top Russian military officials, the Russian Central Bank, the Roskosmos space agency, oil and gas companies (Gazregion, Gazprom, Technotec), the Sawatzky wealth management company, the VGTRK TV station and others.

Russian server hijacking. Anonymous hacked into Russian hosting servers and then used them to attack other websites and services in the country. The use of Russian IP addresses caused outages and denial of service to websites using a simple geoblocking method to protect IP addresses outside of Russia. This is very effective because hacked servers are often unaware that their resources are being used to attack other servers.

pirate printers. Russian censorship prevented many citizens in the country from learning the true extent of the war and Russian losses. Anonymous claims to have hacked Anonymous printers to distribute more than 100,000 pro-Ukraine documents. This also included barcode printers in grocery stores where prices and product names were changed to anti-war slogans.

Using the Conti ransomware code. Group 65th Network Battalion, affiliated with Anonymous, modified the source code of the Conti malware (of Russian origin) and used it in ransomware attacks. As in a typical attack with this malware, the victims’ computers were hijacked and forced to pay a ransom that was allegedly going to the victims in Ukraine.

Against companies doing business in Russia. Sanctions from Western countries and customers have not been enough to completely prevent some companies from trying to stay in the Russian market. Profits are the backbone of any business, and many companies have a long history of prioritizing revenue over morality. Anonymous threatened to leak confidential or internal business data from some of them, such as Nestlé, Leroy Merlin and Decathlon.

RoboDial, SMS and email spam. Squad303, another group affiliated with Anonymous, claims to have sent more than 100 million messages to Russian facilities to bypass censorship and inform citizens. The technology used is the same as spam that tries to sell a service or scam victims.

intelligence hack. The Russian government passed a “fake news” law punishing journalists with up to 15 years in prison for speaking out against the war. Several Anonymous-affiliated groups launched attacks on smart TVs, Internet broadcasts, news sites and television channels that showed war footage or other news that bypassed Russian censors.

It is only a sample as many more techniques have been used, most of them successful. The questions pile up: Have we overestimated Russian cyber capabilities? Do these actions cause real damage, the main goal of which is to stop the invasion of Ukraine?

And other related questions. Anonymous is consolidating itself as a veritable decentralized cyber army with the tacit approval of a section of public opinion, but what happens when a larger and well-trained one takes another cause? What happens when these new cyber tools, methods and recruits target Western companies, banks or government infrastructure? This is an interesting article from Website Planet that we recommend.