Russia has officially launched a massive military operation against Ukraine. The turbulent political situation has once again attracted the attention of the international community, and organizations such as the United States and the European Union are also constantly “pressing” Russia.
Anonymous, the world’s largest hacker group, has declared a cyber war against Russia and has taken down dozens of websites in response to Russia’s military operations in Ukraine, according to the Russian satellite news agency . They claim to be responsible for the cyberattack on Russian television (RT).
The group said it was responsible for the cyberattack on Russian television (RT). Following the announcement, Anonymous briefly shut down RT.com, as well as the websites of the Kremlin, the Russian government and the Russian Defense Ministry.
According to RT (Russian TV), it is true that their website has been under DDoS attacks since the evening of February 24, and about 27% of the addresses that conduct DDoS attacks are located in the United States.
However, the attack did not seem to last long, and after a few hours, the site where RT was found appeared to be back up.
Anonymous: a decentralized group that once broke the alarm
“Anonymous” originated from a forum called 4chan in the United States. It made its fortune in 2003. It is a decentralized hacker organization with no system and no leadership, but it is involved in many political events.
The Guy Fawkes mask of V, the protagonist of the movie V for Vendetta, is a symbol of Anonymous. Their core concept is “anonymity, equality, freedom”, as long as you agree with this concept, you can become a member of Anonymous.
They are extremely good at batch attacks, using ddos, xss cross-site scripting, and application layer protocol attacks. In addition, they have done a lot of actions that shocked the world, and the outside world has mixed praise and criticism for their organization.
In 2020, this hacker group called Anonymous once broke the shocking material enough to make the world sensational: 193 people in Minnesota were killed by the police, Princess Diana and the sexy goddess Marilyn Monroe died because they discovered the government Corruption and child sex trafficking with members of the royal family, which led to the murder…
As soon as these revelations came out, Twitter exploded, causing an uproar in an instant. The topic #Anonymous once jumped to the top of the global trend.
Although Twitter deleted posts in a frenzy at the time, it did not stop the spread of the video of Anonymous declaring war, but instead allowed the video and the government documents they published to spread more and more widely.
This is not over, they also carried out a high-profile dark web attack.
In October 2011, they released a high-profile video announcing that they would launch “Operation Darknet”. This time, they used DDoS tactics to attack the largest child pornography site on the dark web, the City of Lolita.
What is a DDoS policy?
In simple terms, if the website normally has 1000 users, it may be able to process about 5000 instructions per second. After they started the attack, the machine sent hundreds of thousands of instructions per second, exceeding the load limit and causing the website to be paralyzed collectively.
The city of lolita has existed on the dark web for years with millions of child pornography sites. On the second day of the Anonymous attack, the city of Lolita was completely dismantled, and the usernames, uploaded child pornography images and account expiration dates of 1,589 users were made public, and the real operators and owners of the site were identified. identity. Eventually, Interpol stepped in and the site’s operator and owner were arrested.
SEE: Russian local banks are sanctioned, top payment methods suspended
Not only that, Anonymous’s attack targets also reach out to terrorist organizations.
In 2015, during the Paris terrorist attack, Anonymous declared war on the Iraqi extremist group ISIS, codenamed “Frozen ISIS”. They destroyed more than 149 related websites, deleted more than 5,900 IS propaganda videos, shut down the social media of more than 100,000 ISIS propaganda accounts, and replaced the avatars of some accounts with Japanese cute “ISIS girls”… …
However, in their countless attacks, there are many righteous actions, but at the same time there are also many chaotic and even wrong and even evil actions.
The United States, Japan, the Philippines and other countries have been targets of Anonymous, and even China has been attacked by this group many times.
When Hong Kong encountered the “revision storm”, Anonymous published the personal information of 628 suspected Hong Kong police officers on the Internet, including names, phone numbers, addresses, etc., which were made public.
Russia also has the strongest dark hacker group in the universe
Although Anonymous is known as the world’s largest hacker organization, Russian hackers are not vegetarians. Maybe they are not necessarily the strongest hackers, but in terms of global popularity, they are really comparable.
Let’s take a brief look at the hacker groups that the Russian fighting nation prefers to “make trouble” and are more active. These hacking groups are as follows:
1. Fancy Bear that disrupts politics, economy, and entertainment
Fantastic Bears is widely believed to be one of the most Kremlin-linked hacker groups.
There are quite a few names for this magical “bear”, also known as Sofacy Group, APT28, Pawn Storm, Sednit, etc. According to the earliest traceable records, it may have been established in 2007. It is considered to be related to the main intelligence agency of the Kremlin. GRU related. On the other hand, it was established in 2000 and is an organization specialized in collecting national defense and geopolitical related intelligence, including the Republic of Georgia, the governments of Eastern Europe, the military and European security organizations, and is a typical representative of Advanced Persistent Threat (APT) attacks .
Fantasy Bear official website
“Fantasy Bear” is accused of launching attacks against the DNC (Democratic National Council) and US think tanks. The hacking group has also targeted government agencies in Germany, Denmark, France and elsewhere in an effort to influence socio-political aspects during major political times, such as the months leading up to major elections.
Some cybersecurity companies in the United States suspect that “Fantasy Bear” is the mastermind behind a series of events such as Hillary’s “mail door”. However, “Fantasy Bear” is mysterious and unpredictable, and people still don’t understand basic issues such as “there are several hackers inside Fantastic Bear” and “is Fantastic Bear a fixed organization or a loose alliance”.
This organization also has a big hobby: cracking down on fakes! However, its “anti-counterfeiting” is aimed at the sports circle.
In 2017, the IAAF said it found that the IAAF’s systems had been compromised, and the hacking group had pulled metadata about athletes’ “therapeutic use exemptions” from file servers and stored the metadata in another newly created file.
The hacker who attacked the IAAF is “Fantasy Bear”. Previously, it had also invaded the database of the World Anti-Doping Agency (WADA), and successively exposed dozens of athletes “for the purpose of treatment” using illegal drugs with the agency’s permission, including the Rio Olympics 4 gold medallist Bayer Sri Lanka, and tennis star Williams and others.
2. “Cozy Bear” (Cozy Bear) of Russia’s “Double Bears”
“Comfort Bear” is classified as Advanced Persistent Threat APT29 and is also believed to be associated with Russian intelligence. It has hacked the Pentagon; the Netherlands has also stated that Cozy Bear and Fantastic Bear have repeatedly attempted to invade Dutch ministries, including the Ministry of General Services.
The “Comfort Bear” hacker group also participated in the cyberattack against the DNC, and the group is also considered to be a hacker group under the FSB of the Russian Federal Security Service.
“Comfort Bear” is believed to have been engaged in long-term cyber espionage, the goal is to collect various sensitive intelligence information. Hours after the 2016 U.S. presidential election, the group launched a wave of cyberattacks targeting U.S. agencies with a large number of NGOs. The targets of “Comfort Bear” also include world-renowned think tanks and private organizations.
3. Turla, who loves black stars and black satellites, is nicknamed “Vicious Bear”
Turla is one of the well-known Russian hacking groups. The Turla group, also known as Snake, Uroburos, Venomous Bear (Vicious Bear, underlined, the third bear) or KRYPTON, is one of the most advanced threat groups to date.
Kaspersky researchers once believed that Turla evolved from the Moonlight Maze, a well-known cyber espionage group in the 1990s. Allegedly, it has been active for over a decade. The group is believed to have launched a cyberattack against the US Department of Defense (DoD) in 2008, targeting various international government agencies, embassies, medical research and pharmaceutical companies.
Security researchers have discovered that it was Turla that used custom malware to control Britney Spears’ Instagram account. Not only can people hack a celebrity’s account, but they can also hack satellite network providers in the Middle East.
4. CyberBerkut who played 666 with Russia
Regarding CyberBerkut, there are two theories, one is that it is a pro-Russian hacking group in Ukraine, and the other is that it is a Russian hacking group.
“CyberBerkut” is an organization that emerged after the disbandment of the “Golden Eagle” (Berkut) special forces, whose members are unknown and remain anonymous. The group has positioned itself as a hacker group that “helps maintain Ukraine’s independence and thwart Western attempts to protect the neo-Nazi government and military incursions.”
On June 2, 2015, “CyberBekut” published on its website records of private communications between US billionaire George Soros and Ukrainian President Peter Poroshenko, which were intercepted after hacking into the servers of the Ukrainian Presidential Office.
The BBC has assessed CyberBerkut as one of the three largest hacking groups involved in the conflict in Ukraine on an international scale. A BBC investigation found that CyberBerkut had a distinctly pro-Russian background.
Ukraine has suffered three waves of large-scale cyberattacks this year, and who is behind it
In fact, since 2022, Ukraine has been hit by three large-scale cyberattacks.
According to incomplete statistics, on January 14, many government websites including the Ministry of Foreign Affairs, Ministry of Education, Ministry of Interior, Ministry of Energy of Ukraine were shut down by large-scale cyber attacks, and even the websites of the British, American and Swedish embassies were shut down. been affected.
Before the site shut down, a message was also released warning Ukrainians to “prepare for the worst.”
On February 15, the websites of the Ukrainian Ministry of Defense, the Armed Forces and other military websites and banks were also shut down by a large-scale cyber attack. The Ukrainian security department stated that the attack was very powerful. It was a reflective distributed DDoS attack. The attack lasted for a long time and the attack traffic was large. The continuous attack lasted for 2 hours, 28 minutes and 10 seconds. In line with the established specifications of each service agreement, it is mainly aimed at the 80 and 443 ports of the target, with a clear target and strong pertinence.
Russia’s official military campaign comes a day after Ukraine faces its third and most sophisticated wave of “wiper” attacks this year, a new type of attack that can destroy data on infected computers.
The latest wave of “wiper” attacks began on the afternoon of the 23rd and intensified over the course of the day. UK internet security watchdog NetBlocks tweeted about the outage, saying the incident “appears to be consistent with a recent distributed denial of service (DDoS) attack.” According to reports, DDoS attacks cause websites to crash and go offline by sending a large number of requests to the website.
So far, it is unclear who is behind the attacks. U.S. and U.K. cyber authorities have pointed the finger at Russian hackers, arguing that the Russian government was directly behind the attack, but Russia has denied involvement.
Today, the Ukrainian government has asked for volunteers from the country’s underground hacking group to help the government secure critical infrastructure and conduct cyber espionage missions against the Russian military.
CHECK OUT
Leave a Reply