
Anonymous Rewrites The Rules of Cyber warfare in their attacks on Russia.

Jeremiah Fowler


What has Anonymous accomplished in a Cyberwar with Russia?

The methods Anonymous has used against Russia have not only been highly disruptive and effective, they have also rewritten the rules of how a crowdsourced modern cyberwar is conducted. In addition to hacking and releasing Russian data, the group has also offered cyber security assistance to Ukraine such as penetration testing and finding vulnerabilities before Russia could exploit them. Anonymous also offered free training to new recruits on denial of service attacks and other hacktivist methods. This effectively allows anyone with a computer and an internet connection regardless of their technical skills to join in the cyber war. The initial call to action posted on Twitter transformed into a larger operation that spread far beyond the Russian government, companies, or organizations, and included an information campaign aimed at Russian citizens.

New Methods and Techniques that are hard to defend against include:

  • Hacking Printers – Russian censorship has blocked many inside the country from knowing the true scale of the war and Russian losses. Anonymous hacked printers across Russia and printed uncensored facts or anti-propaganda and pro-Ukrainian messages. The group claims to have printed over 100,000 documents. This also includes barcode printers at grocery stores, where prices were changed and product names were changed to anti-war or pro-Ukrainian slogans.
  • Using Conti Ransomware Code – The Conti ransomware leaders pledged allegiance to Russia after the war, and shortly afterward their data was leaked, including their source code. Hackers from the Anonymous affiliate group Network Battalion 65, or NB65, edited the source code and turned Conti’s ransomware against Russia, encrypting data so that users could no longer access it. Analysis showed 66% of the code used to attack Russian assets matched Conti. As with traditional ransomware, victims could pay a ransom to have the data decrypted and regain access; the ransom would reportedly go to Ukraine. In early May, NB65 dumped 7 million credit card numbers from QIWI, a leading provider of payment and financial services in Russia.
  • Hijacking Russian Servers – They hacked Russian hosting servers and then used them to attack other Russian websites and services. Using Russian IP addresses would cause disruption and denial of service to sites that use the simple protection method of geo blocking IP addresses outside of Russia. This is effective and the owners of the hacked servers often have no idea their resources are being used to launch attacks on other servers.
  • Hacking The News – The Russian government was so concerned with censorship about the war that they passed a “Fake News” law that punished individuals with up to 15 years in prison for speaking out against the war if it was deemed to be against Russian interests. Multiple Anonymous affiliated groups launched attacks on Smart TVs, Internet streams, news sites, and television channels, showing images of the war or other news that bypassed Russian censors. Anonymous claimed on Twitter to have hacked Russian streaming services Wink and Ivi, and live broadcasts at the TV channels Russia 24, Channel One, and Moscow 24. Once hacked, they showed banned images or information about the war.
  • Attacking Exposed Data – Our research discovered that hackers were targeting exposed Russian databases and changing the names of records or inserting folders with names such as Glory to Ukraine, Putin Stop This War, Hacked by Ukraine, and many others. Records were also deleted both manually and in what appeared to be an attack similar to the MeowBot malicious script that served no other purpose but to wipe out data. Out of 100 databases we identified that 92 were compromised or had evidence that hackers had accessed and vandalized the records.
  • Targeting companies who still do business in Russia – Sanctions and calls from western countries and customers were not enough to fully stop some companies from trying to stay in the Russian market. Profits are the backbone of any business and many companies have a long history of placing revenue over morals. Anonymous threatened to leak insider or sensitive business data and days later dumped 10GB of data belonging to Nestlé. This included emails, passwords, Nestlé business customers, etc. The group successfully launched distributed denial of service (DDoS) attacks on the Auchan, Leroy Merlin, and Decathlon websites. The threat of cyberattacks combined with the uncertainty of the Russian market has added additional risks for western companies.
  • RoboDial, SMS, and Email Spam – Almost everyone on earth has received some form of spam in the form of a phone call, text, or email message. These usually try to sell a service or scam victims out of money. Now this same technology has been used to bypass Russian censorship and inform citizens of news and messages they are forbidden to learn on state sponsored propaganda channels. Anonymous affiliated Squad303 claimed to have sent over 100 million messages to Russian devices.
  • Holidays and important date Hacks – Cyber attacks and hacks were launched on key Russian holidays for psychological effect. On May 9th “Victory Day” Anonymous-related hacker group PuckArks claims they were responsible for hacking the Russian YouTube clone called Rutube with access codes breached or leaked. Anonymous hacked Russian Smart TV menus to show all channels and descriptions as anti-war messages during Russia’s parade. On June 8th, the radio station Kommersant FM was hacked to broadcast the Ukrainian national anthem and a sequence of Russian-language anti-war songs. On June 17th, hackers targeted the St Petersburg International Economic Forum’s computer network with a DDoS attack forcing Vladimir Putin to delay his keynote speech by nearly 2 hours. On June 28 (Constitution Day in Ukraine) the websites of Rosreestr and the Presidential Council for the Development of Civil Society and Human Rights (HRC) were hacked.

    Rosreestr is Russia’s official Federal Service for State Registration of real estate and property. Their website displayed text that read “Russian citizens are in solidarity with the Ukrainian people in their struggle for independence and their own, Ukrainian-oriented legislative foundation”.
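For database owners, the vandalism described under "Attacking Exposed Data" (slogan-named records or folders, and bulk deletion) can be spotted by comparing two inventories of the same server. The following is an added example, not code from the report; the function names, the inventory format ({name: record_count}) and the sample values are assumptions made for illustration.

```python
import re

# Marker phrases quoted in the article; extend with whatever your own review turns up.
MARKERS = ["Glory to Ukraine", "Putin Stop This War", "Hacked by Ukraine"]


def _squash(text):
    """Lowercase and drop everything but letters and digits, so that
    'Glory_to-Ukraine' and 'glorytoukraine' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def audit_snapshots(before, after, markers=MARKERS, wipe_ratio=0.9):
    """Compare two inventories ({name: record_count}) of one database server.

    Returns a sorted list of (name, finding) tuples.
    """
    needles = [_squash(m) for m in markers]
    findings = []

    for name, count in after.items():
        # Folder/collection/index names carrying a slogan, new or renamed.
        if any(n in _squash(name) for n in needles):
            findings.append((name, "defacement_marker"))
        # Existing store that lost nearly all of its records.
        old = before.get(name)
        if old and count <= old * (1 - wipe_ratio):
            findings.append((name, "mass_deletion"))

    # Stores that existed in the earlier inventory and are now gone.
    for name in before:
        if name not in after:
            findings.append((name, "missing"))

    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample inventories, not data from the article.
    before = {"customers": 120000, "orders": 450000, "logs-2022": 9000}
    after = {"customers": 118500, "orders": 12, "Glory_to_Ukraine": 0,
             "HACKED-BY-UKRAINE-readme": 1}
    for name, finding in audit_snapshots(before, after):
        print(f"{finding:18} {name}")
```

Any finding means the database was reachable and writable by outsiders, so the follow-up is to close the exposure and restore from backup, not just to remove the marker entries.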

To read my full report and summary of detailed hacks and attacks on Russian assets click here: