An Anonymous account reported earlier today that the hacking collective’s #OpRussia campaign had taken down more than 300 Russian government, state media and bank websites over the past 48 hours, with the majority of those struggling to come back online.
As members of the collective posted information about their operations on Twitter, one account said that hackers breached a Russian Linux terminal and gas control system in Nogir, North Ossetia. “We changed the dates and almost make its gas pressure become so high to turn into fireworks! Luckily we didn’t because of a fast-acting human controller,” the post said, adding screenshots of the breach.
One Anonymous Twitter account claimed Saturday evening that it was responsible for knocking the Chechen government website offline, and it was still down this morning. Chechen leader Ramzan Kadyrov, a Putin ally who vowed to “carry out his orders under any circumstances” and has been accused of scores of human rights abuses, said Saturday that Chechen units had deployed to Ukraine.
Another Anon account said Russian state TV channels had been hacked “to broadcast the truth about what happens in #Ukraine.” One account posted video of Russian state TV being hacked to broadcast Ukraine’s national anthem. Another posted audio of what it said were Russian military communications intercepted by the hackers; they broadcast the Ukrainian national anthem on that Russian channel as well.
Members of the collective posted a video press release Saturday that vowed “these actions will continue,” as “activists will not sit idle as Russian forces kill and murder innocent people trying to defend their homeland.”
“To all of the Russian soldiers who may read or hear of this message, and to any of their family and friends who may be able to pass this message along, we strongly encourage all of you in the Russian forces to lay down your weapons and just walk away. Putin’s crimes do not have to be your crimes,” the message continued. “As bombs fall on Ukraine together as a collective we will try our best to give valid information to the people of Russia about the crazy actions of Putin and also try our best to help the people of Ukraine by giving them care packages: Our care packages are meant to help keep data channels open and to also help obfuscate their communications from prying eyes.”
The hackers acknowledged that “some of our actions may be considered illegal in the eyes of various governments,” but they saw “no reason any western laws should be used against our actions in trying to protect and defend the people of Ukraine, and also to help educate the people of Russia.”
“As soon as Vlad started his war on the people of Ukraine, he started to censor Twitter and Facebook in Russia,” the video continued. “The solution to circumvent any intervention by Russian internet providers is to use the Tor network or a virtual private network. We do understand that using a VPN or Tor in Russia to access restricted content is against the law, so you must do so at your own risk.”
The video signs off: “Vlad should have expected us.”
A message released by Anonymous Liberland and the Pwn-Bär Hack Team announced the start of #OpCyberBullyPutin “to show you how prepared for cyberwar Russia and CIS countries really are.”
“Our Russian APT friends seem kinda out of shape, don’t they? Defacements? DDoS attacks? What year is this? 2012?” The group said it hacked Belarusian defense manufacturer Tetraedr and obtained more than 200 gigabytes of emails, and subsequently leaked the data.
Hackers have been generally using #OpRussia or #OpKremlin hashtags to announce actions against Russian sites, similar to the #OpISIS campaign that targeted the terror group’s wave of online propaganda and the #OpKKK campaign that targets white supremacists.
Hackers identifying with the Anonymous collective announced the launch of #OpRussia Thursday (Eastern time), saying that their cyber operations briefly took down some websites associated with the Russian government. An Anonymous account on Twitter claimed that the group took down “the website of the #Russian propaganda station RT News | rt.com | in response to Kremlin’s brutal invasion of #Ukraine.” The site was back up later.
Ukrainian Vice Prime Minister and Minister of Digital Transformation Mykhailo Fedorov announced Saturday a Telegram channel for the IT Army of Ukraine: “We are creating an IT army. We need digital talents. All operational tasks will be given here: t.me/itarmyofukraine2022. There will be tasks for everyone. We continue to fight on the cyber front.”
“In 2022 modern technologies are one of the best response to tanks, rockets and missiles,” he tweeted. “I’ve addressed to the biggest tech giants to support the sanctions for Russian Federation. We asked them to help us stop this outrageous aggression on our people!”
Fedorov has been using social media to call on companies to digitally cut off Russia, including asking all major crypto exchanges to block addresses of Russian users. “Mark Zuckerberg, while you create Metaverse — Russia ruins real life in Ukraine! We ask you to ban access to @facebookapp and @instagram from Russia — as long as tanks and missiles attack our kindergartens and hospitals!” he tweeted this morning.
DHS’ Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint Cybersecurity Advisory Saturday providing an overview of destructive malware that has been used to target organizations in Ukraine as well as guidance on how organizations can detect and protect their networks. On Wednesday, Russian cyber forces hit the websites of several Ukrainian banks and government departments with a wave of DDoS attacks.
An intelligence brief from the Department of Homeland Security in January warned stakeholders that Russia “would consider” launching a cyber attack against the United States if the U.S. or NATO respond to Russia’s potential invasion of Ukraine in a way that the Kremlin perceived as threatening to Russian security.
The memo also noted that Russia’s threshold for directly launching a destructive attack against U.S. critical infrastructure with its cyber arsenal “probably remains very high” though Moscow “continues to target and gain access to critical infrastructure in the United States.”