More than 2,500 websites linked to the Russian and Belarusian governments along with state-run media, banks, hospitals, airports, and companies have been hacked in the week since the Anonymous collective declared that they launched cyber operations against Russia in response to the invasion of Ukraine, a prominent Anonymous account reported this evening.
The antiwar hackers have also gone after pro-Russian hackers, swiping and leaking thousands of internal chats from the Conti ransomware group, as well as military communications and more. “IP cameras were put in place to monitor #Ukrainian movements,” one Anonymous account posted on Twitter. “We made sure to lock the Russians out of their own little spying devices by changing their default passwords and knocking their stuff offline.”
And Anonymous accounts reported that they’re now battling Russian disinformation and trolls. State-affiliated Russia Today declared that “Anonymous gets a taste of its own medicine” as pro-Kremlin hackers “struck back at both Anonymous and Ukrainian pages,” prompting Twitter accounts associated with the collective to note that Anonymous is a decentralized movement with no official website, channel or social media platform. Access was blocked to the RT article this evening.
Anons also said pro-Russian elements were circulating a hit list to report their social media accounts en masse, trying to get #OpRussia hackers deplatformed. Ukraine supporters without hacking skills were urged to hijack hashtags that were trending on Twitter earlier today in support of Russia and President Vladimir Putin, and use them to distribute content showing the truth about Russia’s attack on Ukraine.
Hackers were using #OpRussia, #OpKremlin, and similar hashtags to announce actions against Russian sites, similar to the #OpISIS campaign that targets the terror group’s deluge of online propaganda and the #OpKKK campaign that targets white supremacists.
Latest cyber ops claimed by hackers include breaching and leaking files from the Rosatom State Atomic Energy Corporation, taking down the official portal of the pro-Putin government in Crimea, and broadcasting Ukraine’s national anthem on Gazprom Media Radio. The Russian government portal was also down this evening.
Data dumps were posted that were said to have come from hacks on sites including banking, manufacturing, and Belarus state-owned CTV.
Hacker v0g3lSec posted files that they said came from a private service hosted by Russian State Space Corporation “Roscosmos” and contained space agency data on the Luna-Glob moon exploration program. They also left a message on a website connected to Russia’s Space Research Institute warning to “leave Ukraine alone else Anonymous will f*ck you up even more.”
NB65, a hacking group affiliated with Anonymous, claimed earlier that it breached the control center of Roscosmos and cut off the agency’s control over its spy satellites as part of the ongoing cyber-offensive. “And we’d do it again,” the group tweeted today.
“You must understand that there’s more to hacking than defacing a website or DDoSing a server,” NB65 also tweeted. “Every bit matters but we aren’t going to give you live overview of network hacks. Then the company will just patch.”
An Anonymous video posted Feb. 15 threatened to “take hostage” industrial control systems if the crisis escalated, and since #OpRussia began hackers have claimed breaching a Russian Linux terminal and gas control system in Nogir, North Ossetia. One Anonymous account posted a long list that they said was IP addresses and ports for industrial control systems in Russia.
“WaterKotte control panel systems found in Russian g0v n3tw0rk,” another Anonymous account tweeted Tuesday. “Let’s just say we’ll be having a little bit of fun with the control panels.”
The Belarusian Cyber-Partisans, which said on Twitter that it hacked railway systems in Minsk, Orsha, and Osipovichi to obstruct Russian military movements toward Ukraine from the country, said Tuesday that the rail cyber-attack continues: “Automated Dispatcher systems are’t functioning. New networking equipment (switches, routers) that were brought to replace old ones got infected. Dispatching system Neman is affected. All trains are delayed.”
One Anonymous video on Tik-Tok explained that their hacking couldn’t defuse the nuclear threat, though: “Because so many have asked: No, it is not possible to hack Russia’s nuclear weapons and render them harmless.”
Members of the collective posted a video press release Saturday that vowed “these actions will continue,” as “activists will not sit idle as Russian forces kill and murder innocent people trying to defend their homeland.”
The hackers acknowledged that “some of our actions may be considered illegal in the eyes of various governments,” but they saw “no reason any western laws should be used against our actions in trying to protect and defend the people of Ukraine, and also to help educate the people of Russia.”
DHS’ Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint Cybersecurity Advisory Saturday providing an overview of destructive malware that has been used to target organizations in Ukraine as well as guidance on how organizations can detect and protect their networks. An intelligence brief from the Department of Homeland Security in January warned stakeholders that Russia “would consider” launching a cyber attack against the United States if the U.S. or NATO respond to Russia’s potential invasion of Ukraine in a way that the Kremlin perceived as threatening to Russian security.
“If things continue as they have been in the past few days,” said one new Anonymous video on Tik-Tok, “the cyber war will be expanded and our measures will be massively increased. This is the final warning to the entire Russian government. Don’t mess with Anonymous.”
Anonymous vs. Russia: Hackers Say Space Agency Breached, More Than 1,500 Websites Hit