July 29, 2022

How Anonymous’ cyberwar keeps embarrassing Russia

Hacktivist group Anonymous has declared cyberwar against Russia in retaliation for the war in Ukraine. So what has the group done so far?

By Eric Johansson

Hacktivist group Anonymous has been busy embarrassing the Kremlin after declaring a cyberwar against Russia in February following Vladimir Putin’s invasion of Ukraine.

The hacker collective made its name in the early noughties through a string of digital vandalism, hacks and online activism. It blocked access to the sites and services of several big organisations. It has attacked governments, corporations and the Church of Scientology, to name a few victims.

While law enforcement agencies have mostly viewed Anonymous as an annoyance at best and as a loose group of digital thugs at worst, the co-founder of the cybersecurity company Security Discovery, Jeremiah Fowler, believes the group declaring a cyberwar against Russia has earned it a reputation of being a “digital Robin Hood” of sorts.

He partnered with website builder site Website Planet at the start of the war to track Anonymous’ online escapades.

In a blog post released in July, they found that 92% of 100 analysed Russian databases had been “compromised, vandalised with pro Ukrainian messages, or deleted altogether.”

Data dumps, denial of service hacks and spoiling holidays

Fowler praised the hacktivist group’s efforts in Eastern Europe so far, but made sure to note that he is “not condoning or promoting hacktivism” as cybercrime is still a crime. Still, he seemed appreciative of Anonymous’ cyberwar efforts against Russia so far.

“The methods Anonymous has used against Russia have not only been highly disruptive and effective, they have also rewritten the rules of how a crowdsourced modern cyberwar is conducted,” he wrote in the blog. “In addition to hacking and releasing Russian data, the group has also offered cybersecurity assistance to Ukraine such as penetration testing and finding vulnerabilities before Russia could exploit them.”

For starters, Anonymous claims to have hacked into over 2,500 Russian and Belarusian sites. It then accessed and subsequently leaked sensitive data or simply deleted or altered files to spread pro-Ukrainian messages.

Anonymous claims to have accessed and leaked information about Russian military members, the Central Bank of Russia, the Russian space agency, oil and gas companies, and similar organisations.

Anonymous affiliate group Network Battalion 65, or NB65, has also been credited with repurposing the Russia-linked Conti ransomware code against Putin’s powerbase.

“Like traditional ransomware, victims could make a payment to have the data decrypted and regain access after paying a ransom that would reportedly go to Ukraine,” Fowler writes. “In early May, NB65 dumped 7 million credit card numbers from QIWI, a leading provider of payment and financial services in Russia.”

Anonymous has also taken credit for launching distributed denial of service (DDoS) attacks against Russian websites and services.

The hacktivist group also claims to have disrupted Russian holidays, such as Victory Day on May 9, by hacking streaming services, smart TVs and radio stations to broadcast antiwar messages.

Anonymous’ cyberwar against Russia is an information war

One of the key ways in which Anonymous has contributed is in the information war. The Kremlin has imposed strict laws against “fake news”, which in the parlance of the federation translates to any piece of information going against Russian interests. The laws aim to crack down on domestic dissent and opposition to the war by threatening people with up to 15 years in prison.

Anonymous’ cyberwar against Russia has countered those laws by spreading information about Putin’s invasion.

It has done so by hacking printers to print “uncensored facts or anti-propaganda and pro-Ukrainian messages,” Fowler wrote.

Anonymous also claims to have hacked smart TVs, streaming services, news sites, radio stations and television channels to spread information about the war.

It has also repurposed the kind of technology that is usually used to send spam phone calls, texts or emails.

“Now this same technology has been used to bypass Russian censorship and inform citizens of news and messages they are forbidden to learn on state sponsored propaganda channels,” Fowler wrote. “Anonymous affiliated Squad303 claimed to have sent over 100 million messages to Russian devices.”

Anonymous claims to have attacked businesses still doing business in Russia

Western businesses have withdrawn from Russia en masse following the invasion of Ukraine in February. This has added to the unprecedented sanctions that have crippled the Russian economy this year.

However, some companies have continued to do business in the Russian Federation, a decision that has put them in Anonymous’ crosshairs.

“Anonymous threatened to leak insider or sensitive business data and days later dumped 10GB of data belonging to Nestlé,” Fowler wrote in the blog.

“This included emails, passwords, Nestlé business customers, etc. The group successfully launched [denial of service attacks] on Auchan, Leroy Merlin, and Decathlon websites. The threat of cyberattacks combined with the uncertainty of the Russian market have added additional risks for western companies.”

Nestlé has said these claims have “no foundation,” according to CNBC.

How effective is Anonymous’ cyberwar against Russia?

While it is difficult to assess the veracity of the claims made by Anonymous, Fowler told CNBC that at least, “Anonymous has made Russia’s governmental and civilian cyber defenses appear weak.”

“The group has demystified Russia’s cyber capabilities and successfully embarrassed Russian companies, government agencies, energy companies and others,” he said, adding that Anonymous has turned the old Iron Curtain and made it appear like “a paper curtain.”

Jake Moore, global security advisor at cybersecurity firm ESET, told Verdict that Anonymous has been able “to chip away at the digital aspect of war,” but warned these efforts could encourage Russia to up the ante.

“Although this particular embarrassment may get a quick laugh, it is potentially a hack that will antagonise the opposition and encourage them to rebuild their cyber armoury into better shape,” he said. “Cyberwar comes in many forms and embarrassing the enemy is yet another tactic we now see in downplaying their tactics. However, this can easily and quickly inspire them to fight on with more determination which in turn could cause more damage and destruction.”

Still, analysts agree with Fowler that the impact of Anonymous continuously embarrassing Russia in the cyberwar could transform the cybersecurity landscape far into the future.

“The rise of hacktivist groups has changed the game on cybersecurity, for countries and companies,” David Bicknell, principal analyst at research firm GlobalData, tells Verdict.

“The combined resources of hacktivist groups like Anonymous or ransomware groups like REvil and Conti against companies is that the cyber power of a committed group – both physically and emotionally – is usually greater than the target’s ability to defend itself. Russia-Ukraine is arguably the first war where the cyber skills of the hacktivists means they have the opportunity and the capability to make an impact.”

Cybersecurity companies continue to raise capital

Whatever Anonymous’ efforts have been, the cyberwar in Ukraine has remained a lot tamer than everyone expected. Instead of a full-scale war fought in cyberspace, experts have been shocked to note an absence of any major attacks.

There are several reasons why that may be. Firstly, any virus unleashed upon the world could easily spread across borders and mutate to even attack Russian organisations. After all, that is exactly what happened after the NotPetya attack in 2017.

Secondly, any major attack on the West would force the US and its allies to launch counter-attacks.

The absence of a full-scale cyberwar hasn’t stopped cybersecurity firms from warning that the fallout from any digital assaults could hurt businesses across the globe.

It seems like companies and investors have heard them. Venture capitalists (VC) injected just over $1bn into the industry across 130 deals in 2013, according to new data retrieved from research firm GlobalData on July 28. Over the following years, the annual investment grew year on year, albeit with a slight drop in 2020.

However, investment levels rebounded with a vengeance in 2021. VCs backed cybersecurity companies to the tune of $26.3bn across 729 deals last year. In contrast to those levels, investment levels seem to have dropped slightly this year. So far, investors have only topped up the coffers of cybersecurity companies to the tune of $9.4bn.

GlobalData is the parent company of Verdict and its sister publications.