Hacktivists back Ukraine to wage cyber offensive against Russia

Dark web hacktivists including the Anonymous collective throw support behind Ukraine, attacking Russian government websites and infrastructure.

Chris Griffith

3 min read

10:18AMMarch 01, 2022

The Australian Business Network

Dark web hacktivists including the Anonymous collective have thrown their full support behind Ukraine, attacking Russian government websites, banking and transport services, media outlets and infrastructure.

Posting on Twitter, Anonymous claims to have successfully hacked and taken offline more than 300 Russian government, state media and banking websites over the past 48 hours.

Anonymous is a loosely affiliated collective of hackers whose membership is transient and global.

Anonymous shuts down a gas supply provided by Tvingo Telecom. The company offers fiber-optic networking, Internet, wireless, telephony, and installation of drivers, and satellite services. Tvingo Telecom serves clients in Russia. https://t.co/7ApHSAgmgR
— Anonymous (@YourAnonNews) February 27, 2022

Hackers typically use “distributed denial-of-service” attacks that overwhelm websites with huge volumes of internet traffic.

The official Kremlin website taken down at the weekend remained offline on Monday, as did the Russian Duma (parliament) and ministry of defence, and some other Russian and Belarus government agencies. Anonymous said its actions were directed against the Russian government, not its people.

The dark web contingent includes other hacker groups which also are targeting infrastructure. The Belarusian Cyber-Partisans said on Twitter it had targeted the Russian railways’ computer network, which was in “a state of collapse”. The network had been forced to revert to manual control.

Other Anonymous claims included shutting down a natural gas supply operated by Tvingo Telecom, part of state-owned Rostelecom.

JUST IN: Hacking group GNG, affiliated with #Anonymous hacks and leaks database of #Russia's SberBANK in support of Ukrainian people. #OpRussia #Cyberwar #OpKremlin #StandWithUkriane #FreeUkraine pic.twitter.com/awvKD16ocl
— Anonymous TV ðŸ‡ºðŸ‡¦ (@YourAnonTV) February 27, 2022

It’s a change of alignment for Anonymous, which was in the sights of US authorities after it leaked millions of secret files from government organisations several years ago. However, it has also taken up the cause against Islamic State and hacked Minneapolis police department records after the murder of George Floyd.

Robert Potter, chief executive of online security firm Internet 2.0, said the main thrust of cyberattacks against Russia were being organised from a Ukraine government Telegram chat group ‘IT ARMY of Ukraine’, co-ordinated through social media platform Telegram. In just two days, the account has attracted more than 240,000 IT operatives and supporters globally. Some 80,000 had joined in the past 24 hours (as at 7am Tuesday March 1).

Telegram is owned by Pavel Durov, previously co-founder of Russian social media site Vkontakte and known as the Russian Zuckerberg. He left Russia after Vladimir Putin demanded Vkontakte hand over the personal details of users.

We are creating an IT army. We need digital talents. All operational tasks will be given here: https://t.co/Ie4ESfxoSn. There will be tasks for everyone. We continue to fight on the cyber front. The first task is on the channel for cyber specialists.
— Mykhailo Fedorov (@FedorovMykhailo) February 26, 2022

The global IT army is being promoted by Ukraine ‘vice prime minister’ and Minister of Digitial Transformation Mykhailo Fedorov.

Mr Potter described the global IT army as “the largest crowd-sourced cyber group ever”. “That is where the majority of the line of effort against the Russian government is coming from.”

He said “knocking off websites” was “a morale booster” for now, but he expected the group to chalk up major achievements around electronic warfare with targets including infrastructure and banking.

#Anonymous is not alone. NB65 has officially declared cyber war on Russia as well. You want to invade Ukraine? Good. Face resistance from the entire world. #UkraineWar

All of us are watching. All of us are fighting.
— NB65 (@xxNB65) February 27, 2022

Mr Potter said Russia was more vulnerable to cyberattacks through its use of digital infrastructure; the Ukrainians have gone “fully analog … They don’t use cyber infrastructure to keep their communications going.”

He said Ukrainians and journalists at the frontline had been warned about having phones with them where their positions could be geolocated. “The Russians have a significant capability around phone tracking, signal tracking, signal analysis, that sort of thing.”

#Anonymous Network Battalion 65â€™ have just released
40k files from the #Russian #Nuclear Institute
Translators needed ASAP get this information to the correct sources https://t.co/fgGWiZEUvK pic.twitter.com/Er7FoI2ZH2
— Anonymous Ð²ÐµÑ‚ÐµÑ€Ð°Ð½ (@Doemela_X) February 27, 2022

He believed Russia hadn’t fully scaled up cyberattacks against Ukraine yet because it wouldn’t get far “knocking websites offline”. According to his briefings, the Ukrainians were involved in more conventional actions such as blowing up bridges and shredding railway lines to slow the advance.

However, he believed other countries including Australia were likely to eventually suffer cyberattacks. The world’s largest ransomware operator Conti had said it was acting for Russia, and would hit the critical infrastructure of those imposing sanctions.

â…“ â—ï¸We continue to help Ukrainians in their fight against Russian occupation forces. The Railways is under attack. The computer network is in a state of collapse. Manual control mode is enabled, which will slow down the movement of trains but will NOT create emergency situations
— Belarusian Cyber-Partisans (@cpartisans) February 27, 2022

Conti attacked Australian targets including CS Energy with ransomware late last year but there is a post today on Twitter suggesting a major leak of chat data from Conti and some opposition to Russia.

There is also a claimed leakage of data from Rosatom, a company involved with Russia’s nuclear power operation, and data from the Russian Nuclear Institute.