Anonymous hackers who have been targeting Russia since the invasion of Ukraine reported more strikes against critical infrastructure sectors — including one using an “improved” iteration of Russian Conti ransomware — and called for the targeting of companies that “have blood on their hands” for continuing to do business in Russia after the massacre of Ukrainian civilians in Bucha.
Human Rights Watch said it has documented cases of “unspeakable, deliberate cruelty and violence against Ukrainian civilians,” including summary executions and rape as well as looting by Russian soldiers. Russia’s claim that “not a single local resident has suffered from any violent action” in Bucha, where bodies lay in the streets, has been disproven by satellite imagery.
“What other evidence is needed for those multinational companies which are still doing bloody business in Russia? If it’s difficult for you to leave Russia immediately even after the #BuchaMassacre, then it will be easy for us to involve you in the #OpRussia campaign,” tweeted one prominent Anonymous account, scrolling a list of companies along with details on how they are still involved in Russia.
“Almost 500 Companies Have Withdrawn from Russia—But Some Remain. Who are the companies that remain(start tagging them, yes it’s a group activity). Let’s get their attention and make they know we are coming for them,” tweeted another Anonymous account.
On Monday, DDoSecrets published more than 20 years of data swiped from VGTRK (All-Russia State Television and Radio Broadcasting Company) in what DDoSecrets co-founder Emma Best called “an unprecedented exposure of state-owned media and propaganda, which the Russian government considers essential to the state security.”
The leak came from Anonymous-affiliated hackers NB65 and amounted to 786.2 GB worth of data, including more than 900,000 emails and more than 4,000 files from VGTRK’s cloud service.
“If those of us in the west are lucky, we might even recognize some patterns and techniques used in our own propaganda machines,” Best stated, stressing that Russia “has never really been a target like this before” for hackers but “many more people are driven by outrage” after Russia invaded Ukraine and are willing to take the risk of retaliatory action. “Frankly, we’ve never seen this much data out of Russia before. The post-invasion Russian leaks easily outweigh all the pre-invasion Russian leaks.”
NB65 vowed “the leaks will continue” until Russia ceases all activity in Ukraine, and announced Sunday that they hacked SSK Gazregion LLC, which specializes in the construction of main gas pipelines, compressor stations, and gas distribution facilities.
NB65 said last week that they hacked JSC (Joint Stock Company) Mosexpertiza. “We’ve compromised your network environment completely,” NB65 said in an open message to JSC Mosexpertiza. “Not sorry. By now it’s probably painfully apparent that you’ve also been infected by a crypto locking ransomware variant. Spoiler, it’s Conti’s.”
Early in the #OpRussia campaign, hackers went after the pro-Russia Conti ransomware group, leaking internal chats and files from the group. That offensive action may have been what prompted an update on the Conti threat from DHS’ Cybersecurity and Infrastructure Security Agency, warning stakeholders that “Conti cyber threat actors remain active” and the group is targeting U.S. and international organizations.
In their message to SSK Gazregion LLC, NB65 declared that they had “improved Conti’s ransomware even more.”
“It’s now ripping through your environment rendering those files useless,” the group said. “Normally your IT team would probably restore from back ups. Don’t worry about that. We deleted all of them.” The company was directed to follow instructions in a text file. “While we have very little sympathy (none at all actually) for your current situation we will honor our word to provide decryption if you decide you want that data back. We’ve also taken 110GB of your data in the form of emails, financials… the usual shit we take.”
Anon Zeus also announced leaks of banking details from the JSC NNK-Khabarovsk Oil Refinery and Omsk Fuel Company. “As always it’s been a pleasure defending the amazing UKRAINIAN PEOPLE,” the account tweeted.
“Genocide is unforgivable and deserves extreme punishment,” said a video posted by Anon Zeus, noting that a March 24-30 survey showing 83 percent approval for President Vladimir Putin meant that Russian people who have “cold-heartedly sided” with Putin and his “evil regime” are “now the enemy.”
“Which now means that Anonymous are coming for your means of survivability,” the video continued. “We will attack your internet exchanges, your payment systems, water supplies, your gas supplies, and your electricity grid. We will also take full control of your satellite systems, nuclear plants, and we will render you useless. It is now time that you feel the full brunt of the West’s cyber capabilities.”
“Any company or country seen supporting Russia and Putin will become a target,” the video added.
Anonymous accounts circulated a list released Monday by the Ukraine Defense Ministry’s Intelligence Directorate that contained names, ranks and passport details of Russians who served in the 64 Motor Rifle Brigade that occupied Bucha last month. “Remember! All war criminals will be brought to justice for crimes committed against the civilian population of Ukraine,” the directorate declared.
“#OpRussia ! We call upon the global #Anonymous collective for another almighty attack on #russia – the atrocities in #Bucha cannot go unpunished ! Dear Vladimir Putin do you expect this to go unpunished? We think NOT ! Expect Us !” tweeted an Anonymous account, adding, “We call on all the #Anonymous collective to target International companies who still continue to conduct and engage in business with #russia !”
“#Anonymous does not forgive and does not forget. The brutality against civilians in #Bucha cannot be forgiven and will not be forgotten,” another Anonymous account tweeted. “Brothers and sisters the time is now to push forward with an unprecedented attack on Putin and his war criminals until justice is the peoples.”
Squad303, who created the 1920.in tool for anybody to send random Russians text, email, and WhatsApp messages communicating the truth about Vladimir Putin’s aggression, tweeted a photo of a Bucha victim zeroed in on the hands bound behind his back. “We cannot remain silent,” the group tweeted. “We must shout.”
“That’s the reason why we can’t stop… You can’t stop… We must do everything we can to make the murderer Putin pay for this!”