Anonymous and the 2022 Russian invasion of Ukraine

[[File: | ]]

Prelude

Starting from late 2021, Anonymous took notice of the military build-up near the Russia-Ukraine border and thus acted to propagate peace plans to end the War in Donbass by defacing various websites, such as United Nations' Networks on Migration, Polar Research Institute of China, Convention on Biological Diversity, and various government websites in China.<ref name="taiwannews.com.tw">Template:Cite web</ref><ref name="Anonymous posts 'Taiwan Numbah Wan!">Template:Cite web</ref><ref>Template:Cite web</ref><ref name="Anonymous posts Taiwan flag, Peng S">Template:Cite web</ref><ref name="Anonymous hacks Chinese site, Russi">Template:Cite web</ref>

In the hacking campaign named "Operation Samantha Smith", which is a reference to the 1980s child peace activist, they called for a referendum in Ukraine on whether to presumably follow the now-defunct Minsk Protocol or hand over the separatist-controlled territories to a UN peacekeeping administration. Later, a second referendum in the separatist regions would then ask voters to choose to reunite with Ukraine, gain independence, or join Russia. Besides that, they also called for the creation of a "neutral grouping" of countries "wedged between NATO and Russia" that would include Ukraine, Finland, Belarus, Georgia, Armenia, Azerbaijan, and Moldova. Anonymous argued that the so-called "neutral security belt" could serve as an alliance similar to the North Atlantic Treaty Organisation (NATO) or the Collective Security Treaty Organization (CSTO) that acts as a cordon sanitaire between NATO and CSTO countries in order to "assuage Russia's fears without NATO losing its face."<ref name="taiwannews.com.tw"/><ref name="Anonymous posts 'Taiwan Numbah Wan!"/>

As the situation escalated, they threatened to take hostage of industrial control systems and implicitly warned Russia that the "sole party to be blamed if we escalate on that, will be the same one who started it in the very first place with troop buildups, childish threats, and waves of unreasonable ultimatums." Furthermore, they urged the United Nations to immediately deploy peacekeepers on "at least the Ukrainian side of the frontline in Donbass" under the basis of UN Resolution 337 (V) to "prevent any further provocations" by any side.<ref name="Anonymous posts Taiwan flag, Peng S"/>

In the aftermath of Russia's recognition of the Donetsk People's Republic and the Luhansk People's Republic and in accordance to the hacking collective's threats to take hostage of industrial control systems, they conducted a small hack on a Russian Modbus device which they've announced on a hacked Chinese cultural website, although early on Anonymous kept the location of the hack ambiguous.

According to Anonymous, the Modbus device was said to be a Schneider Electric's Modicon M251 logic controller, and that they were previously "playing nice" so not to give Russia a casus belli but because of the subsequent 2022 Russian invasion of Ukraine, Operation Samantha Smith was presumably deemed as a failure and Anonymous would start attacking Russian websites and systems as retaliation.<ref name="Anonymous hacks Chinese site, Russi"/>

Operation Russia

Template:See also On February 25, 2022, Twitter accounts associated with Anonymous declared that they had launched a 'cyber operation' against the Russian Federation, in retaliation for the invasion of Ukraine ordered by Russian president Vladimir Putin. The operation was dubbed "OpRussia". The group later temporarily disabled websites such as RT.com and the website of the Defence Ministry along with other state owned websites.<ref>Template:Cite tweet</ref><ref>Template:Cite tweet</ref>Template:Self-published inline<ref>Template:Cite web</ref><ref>Template:Cite web</ref><ref>Template:Cite web</ref> Anonymous also leaked 200 GB worth of emails from the Belarusian weapons manufacturer Tetraedr, which provided logistical support for Russia in the Russian invasion of Ukraine.<ref>Template:Cite web</ref> Anonymous also hacked into Russian TV channels and played Ukrainian music<ref>Template:Cite web</ref> through them and showed uncensored news of what was happening in Ukraine.<ref>Template:Cite web</ref>

They hacked into a Russian Center for the Protection of Monuments website (memorials.tomsk.ru) and uploaded three defacement pages adorned with the blue and yellow colors of the Ukrainian flag. In the first defacement page, they included the standard Anonymous logo, a music video of Mandopop song Fragile, brief announcement that the Operation Samantha Smith has morphed into Operation Russia and Operation Ukraine while warned "we will do what we must" following the Russian military invasion, and a photo of Ukrainian revolutionary Nestor Makhno.<ref name=":www.taiwannews.com.tw/en/news/4455240">Template:Cite web</ref>

Following through their threats during Operation Samantha Smith, Anonymous had also hacked a Chinese SIMATIC programmable logic controller along with two Russian Modbus devices. Memes from social-networking website Reddit appeared on the defaced website, including an image of Russian President Vladimir Putin in heavy makeup with a rainbow as a background, together with a series of embedded Reddit posts which asked users to vote for which parts of Russia should declare independence. Next, appearing on the hacked website are the Ukrainian national anthem, Ukrainian coat of arms and a map appearing to show Kuomintang plans for an invasion of China and the Soviet Union.<ref name=":www.taiwannews.com.tw/en/news/4455240" />

In the second defacement page uploaded by Anonymous to memorials.tomsk.ru, the photos and the names of deceased passengers from Malaysia Airlines Flight 17 were shown, while in the third defacement page, the Anonymous logo, the Guy Fawkes mask image, and a video that plays the circus theme song "Entrance of the Gladiators" on loop for 10 hours appeared. In an interview, the spokesperson of the hacking collective emphasized that "Anonymous is not a group, not a country, but an amorphous idea. It flows like air, like water, like everything. Let it be known that since its inception, Anonymous never have restrictions that say that only homo sapiens can be part of it.", while threatening that any further cyberattacks will be "precipitated by Russia's continued failure in recognizing the territorial aggression in itself is nothing but a relic of dark ages in the distant past."<ref name=":www.taiwannews.com.tw/en/news/4455240" />

Besides posting Ukrainian president Volodymyr Zelenskyy's defiant speech against the invasion and a video calling for the creation of neutral grouping of countries between NATO and Russia into memorials.tomsk.ru, Anonymous announced that they had hacked a Russian Linux terminal and a gas control system in North Ossetia, while stating that they had almost caused an explosion in the latter, but did not because of a fast-acting human worker. The hacking collective also added several hashtags and slogans, including "SlavaUkraini", "#OpRussia", "Putin #EpikFail", and "/r/opukraine" into the gas control system.<ref>Template:Cite web</ref>

Anonymous is also believed to be responsible for hacking several Russian state TV channels; many users on Twitter and TikTok uploaded videos showing channels playing Ukrainian music and displaying pro-Ukraine images, flags, and symbols.<ref>Template:Cite web</ref> Furthermore, they had hacked Russian television services in order to broadcast footage of the war in Ukraine, and systems believed to be related to Russian space agency Roscosmos where they defaced its website and leaked mission files.<ref>Template:Cite web</ref><ref>Template:Cite web</ref><ref>Template:Cite web</ref>

A yacht allegedly belonging to Vladimir Putin was reportedly hacked by the group where they changed its call sign to “FCKPTN” and setting its target destination to “hell”. Furthermore, they broadcast a troll face picture through a hacked Russian military radio.<ref>Template:Cite web</ref><ref>Template:Cite web</ref>

At least 2,500 Russian and Belarusian targets were reportedly hacked by Anonymous. These included more than three hundred websites of Russian government agencies, state media outlets, banks, as well as websites of leading Belarusian banks such as Belarusbank, Priorbank and Belinvestbank. Furthermore, they also hacked a website belonging to Chechnya's regional government. They also warned that “If things continue as they have been in the past few days, the cyber war will be expanded and our measures will be massively increased. This is the final warning to the entire Russian government. Don’t mess with Anonymous.”<ref>Template:Cite web</ref><ref>Template:Cite web</ref>

Over 400 Russian cameras were hacked by Anonymous with anti-Putin messages such as "Putin is killing children". Some of the cameras had its live feeds compiled onto a website called behindenemylines.live. On the website, Anonymous explains that the hacks are a message to Russia that it must "pay a huge price because of the shameful decision of the dictator Putin to attack an independent Ukraine by armed forces." It asserted that sanctions imposed on Russia will result in state collapse and have worse consequences for its citizens than the oligarchy. Anonymous further stated that "150 million Russians do not know the truth about the causes or course of the war in Ukraine" and are instead fed a steady stream of "Kremlin propaganda." Anonymous stated that the purposes of the hacks are to "spread information to the Russian people" as well as serve as a possible reconnaissance tool for Ukraine. It then directly addressed Russians: "we just want you to know that you are being brainwashed by state propaganda, and the Kremlin and Putin are lying to you." Besides that, they emphasized that "Ukraine is not controlled by Nazis" and hence the Ukrainian people "do not need you to 'free' them." while calling for a popular uprising, vowing that they will receive support from the rest of the world.<ref>Template:Cite web</ref>

In response to the seizure of Ukraine's Zaporizhia Nuclear Power Plant by Russia, Anonymous defaced the website of Rosatom and gained access to gigabytes of data which they intended to leak publicly. Furthermore, they had hacked into printers in Russia to spread anti-propaganda messages.<ref>Template:Cite web</ref><ref>Template:Cite web</ref><ref>Template:Cite web</ref>

In the aftermath of Bucha massacre, the hacking collective leaked the personal information of 120,000 Russian soldiers in Ukraine.<ref>Template:Cite web</ref>

Hacks

On March 7, 2022, Anonymous actors DepaixPorteur and TheWarriorPoetz declared on Twitter<ref name="twitter.com">Template:Cite web</ref>Template:Self-published inline that they hacked 400 Russian surveillance cameras and broadcast them on a website.<ref>Template:Cite web</ref> They call this operation "Russian Camera Dump".<ref name="twitter.com"/>Template:Self-published inline

On March 10, 2022, Anonymous claimed responsibility for the theft and publication of 820 GB<ref>Template:Cite web</ref> worth of documents from Roskomnadzor.<ref>Template:Cite web</ref><ref name=":0">Template:Cite web</ref> It is being released by Distributed Denial of Secrets (DDoSecrets).<ref name=":0" /><ref>Template:Cite web</ref><ref name="DDoS"/> DDoSecrets writes about the leak: "This dataset was released in the buildup to, in the midst of, or in the aftermath of a cyberwar or hybrid war. Therefore, there is an increased chance of malware, ulterior motives and altered or implanted data, or false flags/fake personas. As a result, we encourage readers, researchers and journalists to take additional care with the data."<ref name="DDoS">Template:Cite web</ref> The leak revealed a new online surveillance system tracking anti-war sentiment and other "threats" to Russian stability and the Putin regime.<ref>Template:Cite web</ref>

On March 25, 2022, DDoSecrets published approximately 22.5 gigabytes of emails allegedly from the Central Bank of Russia, which was allegedly hacked by Anonymous actor Thblckrbbtworld.<ref>Template:Cite web</ref>

On March 29, 2022, DDoSecrets published 2.4 gigabytes of emails from RostProekt, which was hacked by Anonymous actor DepaixPorteur. RostProekt is a Russian construction company. The RostProekt hack was dubbed as a "celebration" for the grand opening of the now-defunct AnonymousLeaks, a leak site solely for leaks from the Anonymous Collective.<ref>Template:Cite web</ref>Template:Self-published inline

On April 1, 2022, DDoSecrets published approximately 79,000 emails from Transneft, which was hacked by Anonymous.<ref>Template:Cite web</ref>

On April 2, 2022, DDoSecrets published approximately 200,000 emails from Capital Legal Services, which was hacked by Anonymous actor Wh1t3Sh4d0w.<ref>Template:Cite web</ref>

On April 4, 2022, DDoSecrets published more than 900,000 emails from the All-Russia State Television and Radio Broadcasting Company (VGTRK), which were hacked by the Anonymous aligned NB65.<ref>Template:Cite web</ref>

On April 7, 2022, DDoSecrets published approximately 100,000 emails from Aerogas, which was hacked by Anonymous.<ref>Template:Cite web</ref>

On April 11, 2022, DDoSecrets published approximately 230,000 emails from Blagoveshchensk City Administration, which was hacked by Anonymous.<ref>Template:Cite web</ref>

On April 12, 2022, which is the Cosmonautics Day that commemorates cosmonaut Yuri Gagarin's Vostok 1 mission to space, Anonymous-affiliated hacktivist Cyber Anakin broke into five Russian websites, specifically the Russian heavy metal band Aria's site, a Russian hockey site, a Panerai watch enthusiasts site, a basketball team site, and an educational organization site, to put up defacement pages, with pop up messages such as "Glory to Ukraine! Glory to the defenders" and "I find the orcs lack of morality disturbing". They also included videos featuring Darth Vader and the "Star Wars" song "The Imperial March," the online game Roblox, disco song "Kung Fu Fighting", Mandopop music video "Fragile", and a performance of Ukraine's national anthem by cellist Yo-Yo Ma. Besides that, memes showing characters wearing a Guy Fawkes mask and the acronym "A.S.S." which stands for "Anonymous Strategic Support" were shown. The hacktivist proposed a list of "post-war settlement solutions" on behalf of the hacking collective against Russia; examples included financial compensation for the victims of Malaysia Airlines Flight 17, the establishment of a United Nations interim administration in occupied territories of Ukraine, a referendum on the status of such territories, creation of a neutral security belt in the region, monetary reparations of at least US$70 billion to Ukraine for reconstruction, the fulfillment of Soviet–Japanese Joint Declaration of 1956 to presumably resolve the Kuril Islands dispute, cession of some Russian Antarctic bases to countries such as Iran, agreement to a potential enlargement of UN Security Council to include Brazil, South Africa and India with the increase of the minimum number of a successful veto to two or more, alongside unusual ones such as the pooling of funds from Russia to develop novel treatments against COVID-19 such as DRACO (double-stranded RNA activated caspase oligomerizer) and long COVID experimental treatment drug BC 007, and to construct a knowledge ark in space, ideally located at least in the middle region of the Asteroid Belt within Solar System. Furthermore, they leaked 446 GB of data from Russian Ministry of Culture.<ref>Template:Cite web</ref><ref>Template:Cite web</ref><ref>Template:Cite web</ref><ref>Template:Cite web</ref>

On April 13, 2022, DDoSecrets published roughly 495,000 emails from Technotec, which was hacked by the Anonymous.<ref>Template:Cite web</ref>

On April 15, 2022, DDoSecrets published roughly 400 gigabytes of emails from the Continent Express, a Russian travel agency, which was hacked by the Anonymous aligned NB65.<ref>Template:Cite web</ref>

On April 18, 2022, DDoSecrets published 222 gigabytes of emails, files and decryption keys from Gazregion, which was hacked by three different sources around the same time, including the Anonymous actor DepaixPorteur, the Anonymous affiliated NB65, and an unnamed actor.<ref>Template:Cite web</ref>

On April 19, 2022, DDoSecrets published 15,600 emails from GUOV i GS - General Dept. of Troops and Civil Construction, which was hacked by the Anonymous actor DepaixPorteur.<ref>Template:Cite web</ref>

On April 20, 2022, DDoSecrets published 250,000 emails from Worldwide Invest, which was hacked by Anonymous.<ref>Template:Cite web</ref>

On April 20, 2022, DDoSecrets published 426,000 emails from Worldwide Invest, which was hacked by Anonymous.<ref>Template:Cite web</ref>

On April 22, 2022, DDoSecrets published 365,000 emails from Accent Capital, which was hacked by Anonymous.<ref>Template:Cite web</ref>

On April 25, 2022, DDoSecrets published nearly 1,100,000 emails from ALET/АЛЕТ, which was hacked by Anonymous.<ref>Template:Cite web</ref>

On May 5, 2022, DDoSecrets published roughly 480 gigabytes of files, emails and disk images from CorpMSP, which was hacked by the Anonymous aligned NB65.<ref>Template:Cite web</ref>

On May 9, 2022, which is the Victory Day in Russia, the video-hosting website RuTube was taken down through cyberattacks, which Anonymous had claimed responsibility later. Furthermore, Network Battalion 65 (NB65), a hacktivist group affiliated with Anonymous, has reportedly hacked Russian payment processor Qiwi. A total of 10.5 terabytes of data including transaction records and customers' credit cards had been exfiltrated. They further infected Qiwi with ransomwares and threatened to release more customer records.<ref>Template:Cite web</ref><ref>Template:Cite web</ref>

On May 11, 2022, DDoSecrets published over 466 gigabytes of emails from the Nikolai M. Knipovich Polar Research Institute of Marine Fisheries and Oceanography (PINRO), which was hacked by Anonymous actors DepaixPorteur and B00daMooda.<ref>Template:Cite web</ref>

On May 12, 2022, DDoSecrets published over 7,000 emails from the Achinsk City Government, which was hacked by Anonymous.<ref>Template:Cite web</ref>

On May 13, 2022, DDoSecrets published 116,500 emails from SOCAR Energoresource, which was hacked by Anonymous.<ref>Template:Cite web</ref>

On May 30, 2022, DDoSecrets published more than 184 gigabytes of emails from Metprom Group LLC, which was hacked by the Anonymous actors DepaixPorteur, B00daMooda, and Wh1t3Sh4d0w.<ref>Template:Cite web</ref>

On June 1, 2022, DDoSecrets published more than 1,000,000 emails from Vyberi Radio, which was hacked by Anonymous.<ref>Template:Cite web</ref>

On June 3, 2022, DDoSecrets published 1 terabyte of data, which included millions of files including emails, court files, client data, classified data, photographs, videos, payment information, and more from Rustam Kurmaev and Partners (RKPLaw), which was hacked by Anonymous actors DepaixPorteur and B00daMooda.<ref>Template:Cite web</ref><ref>Template:Cite web</ref><ref>Template:Cite web</ref>

On September 1, 2022, Russian taxi service Yandex Taxi was hacked which sent dozens of cars to a location resulting in a traffic jam that lasted up to three hours. Anonymous claimed responsibility for the hack shortly thereafter.<ref>Template:Cite web</ref> At the same time the collective hacked the United Nations Event Proposal Tool website to post flags such as that of Taiwan and its pro-independence movement, Kosovo, Belarusian opposition, Russian opposition, Green Ukraine, alongside photo depicting Yuri Gagarin as a clown and six pages of manifesto text which reportedly emphasized that Yuri Gagarin had ejected from his capsule before it landed and should not qualify as the first man in space, and called for the establishment of a 30-kilometer demilitarized zone around the Zaporizhzhia Nuclear Power Plant. The defacement ends with closing comments by Anonymous such as calls for American citizens to "vote wisely" in the 2022 United States Senate elections and 2022 United States House of Representatives elections to avoid going down "Russia's path."<ref>Template:Cite web</ref> Previously Anonymous hacked a Chinese real estate website and reportedly pointed out that the Soviet Vostok 1 crewed space mission fell afoul of the stipulation within Section 8, paragraph 2.15, item b of the Fédération Aéronautique Internationale (FAI) sporting code which stated that a flight is deemed to be uncompleted if "any member of the crew definitively leaves the spacecraft during flight", as its pilot Yuri Gagarin had ejected from his capsule before it landed. From that, they reportedly said that America's Alan Shepard and John Glenn, who were both inside their capsules when they splashed down, should be considered as first humans in space. Regarding the technicality, although there are pragmatist arguments which posited that Alan Shepard and John Glenn should be considered as first person to legally complete a spaceflight mission and the first to actually complete an orbit around Earth respectively,<ref>Template:Cite web</ref><ref>Template:Cite web</ref><ref>Template:Cite book</ref> the National Air and Space Museum reported that the FAI reworked its guidelines by emphasizing the launch, orbiting, and safe return of the human over the method in which the landing took place to enable Gagarin to receive the record for the first person in space, along with other claimed records specifically that of duration in orbital flight—108 minutes, greatest altitude in earth orbital flight by a single person spacecraft (which remains standing as of August 2022)—Template:Convert,<ref>Template:Cite web</ref> and the greatest mass lifted in earth orbital flight—Template:Convert.<ref>Template:Cite web</ref><ref>Template:Cite web</ref><ref>Template:Cite web</ref>