= Anonymous and the Russian invasion of Ukraine =

Anonymous, a decentralized international activist and hacktivist collective, has conducted numerous cyber-operations against Russia since February 2022 when the Russian invasion of Ukraine began.

== Prelude ==
Starting from late 2021, Anonymous took notice of the military build-up near the Russia–Ukraine border and thus acted to propagate peace plans to end the war in Donbas by defacing various websites, such as United Nations' Networks on Migration, Polar Research Institute of China, Convention on Biological Diversity, and various government websites in China.

In the hacking campaign named "Operation Samantha Smith", which is a reference to the 1980s child peace activist, they called for a referendum in Ukraine on whether to presumably follow the since-defunct Minsk Protocol or hand over the separatist-controlled territories to a UN peacekeeping administration. Later, a second referendum in the separatist regions would then ask voters to choose to reunite with Ukraine, gain independence, or join Russia. Besides that, they also called for the creation of a "neutral grouping" of countries "wedged between NATO and Russia" that would include Ukraine, Finland, Belarus, Georgia, Armenia, Azerbaijan, and Moldova. Anonymous argued that the so-called "neutral security belt" could serve as an alliance similar to the North Atlantic Treaty Organization (NATO) or the Collective Security Treaty Organization (CSTO) that acts as a cordon sanitaire between NATO and CSTO countries in order to "assuage Russia's fears without NATO losing its face."

As the situation escalated, they threatened to take hostage of industrial control systems and implicitly warned Russia that the "sole party to be blamed if we escalate on that, will be the same one who started it in the very first place with troop buildups, childish threats, and waves of unreasonable ultimatums." Furthermore, they urged the United Nations to immediately deploy peacekeepers on "at least the Ukrainian side of the frontline in Donbass" under the basis of UN Resolution 337 (V) to "prevent any further provocations" by any side.

In the aftermath of Russia's recognition of the Donetsk People's Republic and the Luhansk People's Republic and in accordance to the hacking collective's threats to take hostage of industrial control systems, they conducted a small hack on a Russian Modbus device which they've announced on a hacked Chinese cultural website, although early on Anonymous kept the location of the hack ambiguous.

According to Anonymous, the Modbus device was said to be a Schneider Electric's Modicon M251 logic controller, and that they were previously "playing nice" so not to give Russia a casus belli but because of the subsequent Russian invasion of Ukraine, Operation Samantha Smith was presumably deemed as a failure and Anonymous would start attacking Russian websites and systems as retaliation.

== Operation Russia ==

On February 25, 2022, Twitter accounts associated with Anonymous declared that they had launched a 'cyber operation' against the Russian Federation, in retaliation for the invasion of Ukraine ordered by Russian president Vladimir Putin. The operation was dubbed "OpRussia". The group later temporarily disabled websites such as RT.com and the website of the Defence Ministry along with other state owned websites. Anonymous also leaked 200 GB worth of emails from the Belarusian weapons manufacturer Tetraedr, which provided logistical support for Russia in the Russian invasion of Ukraine. Anonymous also hacked into Russian TV channels and played Ukrainian music through them and showed uncensored news of what was happening in Ukraine.

They hacked into a Russian Center for the Protection of Monuments website (memorials.tomsk.ru) and uploaded three defacement pages adorned with the blue and yellow colors of the Ukrainian flag. In the first defacement page, they included the standard Anonymous logo, a music video of Mandopop song "Fragile", brief announcement that the Operation Samantha Smith has morphed into Operation Russia and Operation Ukraine while warned "we will do what we must" following the Russian military invasion, and a photo of Ukrainian revolutionary Nestor Makhno.

Following through their threats during Operation Samantha Smith, Anonymous had also hacked a Chinese SIMATIC programmable logic controller along with two Russian Modbus devices. Memes from social-networking website Reddit appeared on the defaced website, including an image of Russian President Vladimir Putin in heavy makeup with a rainbow as a background, together with a series of embedded Reddit posts which asked users to vote for which parts of Russia should declare independence. Next, appearing on the hacked website are the Ukrainian national anthem, Ukrainian coat of arms and a map appearing to show Kuomintang plans for an invasion of China and the Soviet Union.

In the second defacement page uploaded by Anonymous to memorials.tomsk.ru, the photos and the names of deceased passengers from Malaysia Airlines Flight 17 were shown, while in the third defacement page, the Anonymous logo, the Guy Fawkes mask image, and a video that plays the circus theme song "Entrance of the Gladiators" on loop for 10 hours appeared. In an interview, the spokesperson of the hacking collective emphasized that "Anonymous is not a group, not a country, but an amorphous idea. It flows like air, like water, like everything. Let it be known that since its inception, Anonymous never have restrictions that say that only homo sapiens can be part of it.", while threatening that any further cyberattacks will be "precipitated by Russia's continued failure in recognizing the territorial aggression in itself is nothing but a relic of dark ages in the distant past."

Besides posting Ukrainian president Volodymyr Zelenskyy's defiant speech against the invasion and a video calling for the creation of neutral grouping of countries between NATO and Russia into memorials.tomsk.ru, Anonymous announced that they had hacked a Russian Linux terminal and a gas control system in North Ossetia, while stating that they had almost caused an explosion in the latter, but did not because of a fast-acting human worker. The hacking collective also added several hashtags and slogans, including "SlavaUkraini", "#OpRussia", "Putin #EpikFail", and "/r/opukraine" into the gas control system.

Anonymous is also believed to be responsible for hacking several Russian state TV channels; many users on Twitter and TikTok uploaded videos showing channels playing Ukrainian music and displaying pro-Ukraine images, flags, and symbols. Furthermore, they had hacked Russian television services in order to broadcast footage of the war in Ukraine, and systems believed to be related to Russian space agency Roscosmos where they defaced its website and leaked mission files.

A yacht allegedly belonging to Vladimir Putin was reportedly hacked by the group where they changed its call sign to “FCKPTN” and setting its target destination to “hell”. Furthermore, they broadcast a troll face picture through a hacked Russian military radio.

At least 2,500 Russian and Belarusian targets were reportedly hacked by Anonymous. These included more than three hundred websites of Russian government agencies, state media outlets, banks, as well as websites of leading Belarusian banks such as Belarusbank, Priorbank and Belinvestbank. Furthermore, they also hacked a website belonging to Chechnya's regional government. They also warned that “If things continue as they have been in the past few days, the cyber war will be expanded and our measures will be massively increased. This is the final warning to the entire Russian government. Don't mess with Anonymous.”

Over 400 Russian cameras were hacked by Anonymous with anti-Putin messages such as "Putin is killing children". Some of the cameras had its live feeds compiled onto a website called behindenemylines.live. On the website, Anonymous explains that the hacks are a message to Russia that it must "pay a huge price because of the shameful decision of the dictator Putin to attack an independent Ukraine by armed forces." It asserted that sanctions imposed on Russia will result in state collapse and have worse consequences for its citizens than the oligarchy. Anonymous further stated that "150 million Russians do not know the truth about the causes or course of the war in Ukraine" and are instead fed a steady stream of "Kremlin propaganda." Anonymous stated that the purposes of the hacks are to "spread information to the Russian people" as well as serve as a possible reconnaissance tool for Ukraine. It then directly addressed Russians: "we just want you to know that you are being brainwashed by state propaganda, and the Kremlin and Putin are lying to you." Besides that, they emphasized that "Ukraine is not controlled by Nazis" and hence the Ukrainian people "do not need you to 'free' them." while calling for a popular uprising, vowing that they will receive support from the rest of the world.

In response to the seizure of Ukraine's Zaporizhia Nuclear Power Plant by Russia, Anonymous defaced the website of Rosatom and gained access to gigabytes of data which they intended to leak publicly. Furthermore, they had hacked into printers in Russia to spread anti-propaganda messages.

In the aftermath of Bucha massacre, the hacking collective leaked the personal information of 120,000 Russian soldiers in Ukraine.

== List of hacks ==

- March 7, 2022: Anonymous actors DepaixPorteur and TheWarriorPoetz declared on Twitter that they hacked 400 Russian surveillance cameras and broadcast them on a website. They called this operation "Russian Camera Dump".

- May 9, 2022: is the Victory Day in Russia. The video-hosting website RuTube was taken down through cyberattacks, which Anonymous had claimed responsibility later. Furthermore, Network Battalion 65 (NB65), a hacktivist group affiliated with Anonymous, has reportedly hacked Russian payment processor Qiwi. A total of 10.5 terabytes of data including transaction records and customers' credit cards had been exfiltrated. They further infected Qiwi with ransomwares and threatened to release more customer records.

- September 1, 2022: Russian taxi service Yandex Taxi was hacked which sent dozens of cars to a location resulting in a traffic jam that lasted up to three hours. Anonymous claimed responsibility for the hack shortly thereafter.

== List of data leaks ==

The following is a list of hacking events resulting in the disclosure of stolen information by Distributed Denial of Secrets (DDoSecrets).

- March 10, 2022: Anonymous claimed responsibility for the theft and publication of 820 GB worth of documents from Roskomnadzor, was published by DDoSecrets. DDoSecrets wrote: "This dataset was released in the buildup to, in the midst of, or in the aftermath of a cyberwar or hybrid war. Therefore, there is an increased chance of malware, ulterior motives and altered or implanted data, or false flags/fake personas. As a result, we encourage readers, researchers and journalists to take additional care with the data." The leak revealed a new online surveillance system tracking anti-war sentiment and other "threats" to Russian stability and the Putin regime.

- March 25, 2022: DDoSecrets published 22.5 gigabytes of emails allegedly from the Central Bank of Russia, which was allegedly hacked by Anonymous actor Thblckrbbtworld.

- March 29, 2022: DDoSecrets published 2.4 gigabytes of emails from RostProekt, which was hacked by Anonymous actor DepaixPorteur. RostProekt is a Russian construction company. The RostProekt hack was dubbed as a "celebration" for the grand opening of the since-defunct AnonymousLeaks, a leak site solely for leaks from the Anonymous Collective.

- April 1, 2022: DDoSecrets published 79,000 emails from Transneft, which was hacked by Anonymous.

- April 2, 2022: DDoSecrets published 200,000 emails from Capital Legal Services, which was hacked by Anonymous actor Wh1t3Sh4d0w.

- April 4, 2022: DDoSecrets published more than 900,000 emails from the All-Russia State Television and Radio Broadcasting Company (VGTRK), which were hacked by the Anonymous aligned NB65.

- April 7, 2022: DDoSecrets published 100,000 emails from Aerogas, which was hacked by Anonymous.

- April 11, 2022: DDoSecrets published 230,000 emails from Blagoveshchensk City Administration, which was hacked by Anonymous.

- April 12, 2022: DDoSecrets published 446 GB of data from Russian Ministry of Culture.

- April 13, 2022: DDoSecrets published roughly 495,000 emails from Technotec, which was hacked by the Anonymous.

- April 15, 2022: DDoSecrets published roughly 400 gigabytes of emails from the Continent Express, a Russian travel agency, which was hacked by the Anonymous aligned NB65.

- April 18, 2022: DDoSecrets published 222 gigabytes of emails, files and decryption keys from Gazregion, which was hacked by three different sources around the same time, including the Anonymous actor DepaixPorteur, the Anonymous affiliated NB65, and an unnamed actor.

- April 19, 2022: DDoSecrets published 15,600 emails from GUOV i GS – General Dept. of Troops and Civil Construction, which was hacked by the Anonymous actor DepaixPorteur.

- April 20, 2022: DDoSecrets published 250,000 emails from Worldwide Invest, which was hacked by Anonymous.

- April 20, 2022: DDoSecrets published 426,000 emails from Worldwide Invest, which was hacked by Anonymous.

- April 22, 2022: DDoSecrets published 365,000 emails from Accent Capital, which was hacked by Anonymous.

- April 25, 2022: DDoSecrets published nearly 1,100,000 emails from ALET/АЛЕТ, which was hacked by Anonymous.

- May 5, 2022: DDoSecrets published roughly 480 gigabytes of files, emails and disk images from CorpMSP, which was hacked by the Anonymous aligned NB65.

- May 11, 2022: DDoSecrets published over 466 gigabytes of emails from the Nikolai M. Knipovich Polar Research Institute of Marine Fisheries and Oceanography (PINRO), which was hacked by Anonymous actors DepaixPorteur and B00daMooda.

- May 12, 2022: DDoSecrets published over 7,000 emails from the Achinsk City Government, which was hacked by Anonymous.

- May 13, 2022: DDoSecrets published 116,500 emails from SOCAR Energoresource, which was hacked by Anonymous.

- May 30, 2022: DDoSecrets published more than 184 gigabytes of emails from Metprom Group LLC, which was hacked by the Anonymous actors DepaixPorteur, B00daMooda, and Wh1t3Sh4d0w.

- June 1, 2022: DDoSecrets published more than 1,000,000 emails from Vyberi Radio, which was hacked by Anonymous.

- June 3, 2022: DDoSecrets published 1 terabyte of data, which included millions of files including emails, court files, client data, classified data, photographs, videos, payment information, and more from Rustam Kurmaev and Partners (RKPLaw), which was hacked by Anonymous actors DepaixPorteur and B00daMooda.

==See also==
- Cyberwarfare
- Fourth-generation warfare
- Information warfare
