Anonymous and the Russian invasion of Ukraine

Anonymous, a decentralized international activist and hacktivist collective, has conducted numerous cyber-operations against Russia since February 2022 when the Russian invasion of Ukraine began.

Prelude
Starting from late 2021, Anonymous took notice of the military build-up near the Russia-Ukraine border and thus acted to propagate peace plans to end the war in Donbas by defacing various websites, such as United Nations' Networks on Migration, Polar Research Institute of China, Convention on Biological Diversity, and various government websites in China.

In the hacking campaign named "Operation Samantha Smith", which is a reference to the 1980s child peace activist, they called for a referendum in Ukraine on whether to presumably follow the now-defunct Minsk Protocol or hand over the separatist-controlled territories to a UN peacekeeping administration. Later, a second referendum in the separatist regions would then ask voters to choose to reunite with Ukraine, gain independence, or join Russia. Besides that, they also called for the creation of a "neutral grouping" of countries "wedged between NATO and Russia" that would include Ukraine, Finland, Belarus, Georgia, Armenia, Azerbaijan, and Moldova. Anonymous argued that the so-called "neutral security belt" could serve as an alliance similar to the North Atlantic Treaty Organization (NATO) or the Collective Security Treaty Organization (CSTO) that acts as a cordon sanitaire between NATO and CSTO countries in order to "assuage Russia's fears without NATO losing its face."

As the situation escalated, they threatened to take hostage of industrial control systems and implicitly warned Russia that the "sole party to be blamed if we escalate on that, will be the same one who started it in the very first place with troop buildups, childish threats, and waves of unreasonable ultimatums." Furthermore, they urged the United Nations to immediately deploy peacekeepers on "at least the Ukrainian side of the frontline in Donbass" under the basis of UN Resolution 337 (V) to "prevent any further provocations" by any side.

In the aftermath of Russia's recognition of the Donetsk People's Republic and the Luhansk People's Republic and in accordance to the hacking collective's threats to take hostage of industrial control systems, they conducted a small hack on a Russian Modbus device which they've announced on a hacked Chinese cultural website, although early on Anonymous kept the location of the hack ambiguous.

According to Anonymous, the Modbus device was said to be a Schneider Electric's Modicon M251 logic controller, and that they were previously "playing nice" so not to give Russia a casus belli but because of the subsequent Russian invasion of Ukraine, Operation Samantha Smith was presumably deemed as a failure and Anonymous would start attacking Russian websites and systems as retaliation.

Operation Russia
On February 25, 2022, Twitter accounts associated with Anonymous declared that they had launched a 'cyber operation' against the Russian Federation, in retaliation for the invasion of Ukraine ordered by Russian president Vladimir Putin. The operation was dubbed "OpRussia". The group later temporarily disabled websites such as RT.com and the website of the Defence Ministry along with other state owned websites. Anonymous also leaked 200 GB worth of emails from the Belarusian weapons manufacturer Tetraedr, which provided logistical support for Russia in the Russian invasion of Ukraine. Anonymous also hacked into Russian TV channels and played Ukrainian music through them and showed uncensored news of what was happening in Ukraine.

They hacked into a Russian Center for the Protection of Monuments website (memorials.tomsk.ru) and uploaded three defacement pages adorned with the blue and yellow colors of the Ukrainian flag. In the first defacement page, they included the standard Anonymous logo, a music video of Mandopop song "Fragile", brief announcement that the Operation Samantha Smith has morphed into Operation Russia and Operation Ukraine while warned "we will do what we must" following the Russian military invasion, and a photo of Ukrainian revolutionary Nestor Makhno.

Following through their threats during Operation Samantha Smith, Anonymous had also hacked a Chinese SIMATIC programmable logic controller along with two Russian Modbus devices. Memes from social-networking website Reddit appeared on the defaced website, including an image of Russian President Vladimir Putin in heavy makeup with a rainbow as a background, together with a series of embedded Reddit posts which asked users to vote for which parts of Russia should declare independence. Next, appearing on the hacked website are the Ukrainian national anthem, Ukrainian coat of arms and a map appearing to show Kuomintang plans for an invasion of China and the Soviet Union.

In the second defacement page uploaded by Anonymous to memorials.tomsk.ru, the photos and the names of deceased passengers from Malaysia Airlines Flight 17 were shown, while in the third defacement page, the Anonymous logo, the Guy Fawkes mask image, and a video that plays the circus theme song "Entrance of the Gladiators" on loop for 10 hours appeared. In an interview, the spokesperson of the hacking collective emphasized that "Anonymous is not a group, not a country, but an amorphous idea. It flows like air, like water, like everything. Let it be known that since its inception, Anonymous never have restrictions that say that only homo sapiens can be part of it.", while threatening that any further cyberattacks will be "precipitated by Russia's continued failure in recognizing the territorial aggression in itself is nothing but a relic of dark ages in the distant past."

Besides posting Ukrainian president Volodymyr Zelenskyy's defiant speech against the invasion and a video calling for the creation of neutral grouping of countries between NATO and Russia into memorials.tomsk.ru, Anonymous announced that they had hacked a Russian Linux terminal and a gas control system in North Ossetia, while stating that they had almost caused an explosion in the latter, but did not because of a fast-acting human worker. The hacking collective also added several hashtags and slogans, including "SlavaUkraini", "#OpRussia", "Putin #EpikFail", and "/r/opukraine" into the gas control system.

Anonymous is also believed to be responsible for hacking several Russian state TV channels; many users on Twitter and TikTok uploaded videos showing channels playing Ukrainian music and displaying pro-Ukraine images, flags, and symbols. Furthermore, they had hacked Russian television services in order to broadcast footage of the war in Ukraine, and systems believed to be related to Russian space agency Roscosmos where they defaced its website and leaked mission files.

A yacht allegedly belonging to Vladimir Putin was reportedly hacked by the group where they changed its call sign to “FCKPTN” and setting its target destination to “hell”. Furthermore, they broadcast a troll face picture through a hacked Russian military radio.

At least 2,500 Russian and Belarusian targets were reportedly hacked by Anonymous. These included more than three hundred websites of Russian government agencies, state media outlets, banks, as well as websites of leading Belarusian banks such as Belarusbank, Priorbank and Belinvestbank. Furthermore, they also hacked a website belonging to Chechnya's regional government. They also warned that “If things continue as they have been in the past few days, the cyber war will be expanded and our measures will be massively increased. This is the final warning to the entire Russian government. Don't mess with Anonymous.”

Over 400 Russian cameras were hacked by Anonymous with anti-Putin messages such as "Putin is killing children". Some of the cameras had its live feeds compiled onto a website called behindenemylines.live. On the website, Anonymous explains that the hacks are a message to Russia that it must "pay a huge price because of the shameful decision of the dictator Putin to attack an independent Ukraine by armed forces." It asserted that sanctions imposed on Russia will result in state collapse and have worse consequences for its citizens than the oligarchy. Anonymous further stated that "150 million Russians do not know the truth about the causes or course of the war in Ukraine" and are instead fed a steady stream of "Kremlin propaganda." Anonymous stated that the purposes of the hacks are to "spread information to the Russian people" as well as serve as a possible reconnaissance tool for Ukraine. It then directly addressed Russians: "we just want you to know that you are being brainwashed by state propaganda, and the Kremlin and Putin are lying to you." Besides that, they emphasized that "Ukraine is not controlled by Nazis" and hence the Ukrainian people "do not need you to 'free' them." while calling for a popular uprising, vowing that they will receive support from the rest of the world.

In response to the seizure of Ukraine's Zaporizhia Nuclear Power Plant by Russia, Anonymous defaced the website of Rosatom and gained access to gigabytes of data which they intended to leak publicly. Furthermore, they had hacked into printers in Russia to spread anti-propaganda messages.

In the aftermath of Bucha massacre, the hacking collective leaked the personal information of 120,000 Russian soldiers in Ukraine.

Hacks
On March 7, 2022, Anonymous actors DepaixPorteur and TheWarriorPoetz declared on Twitter that they hacked 400 Russian surveillance cameras and broadcast them on a website. They call this operation "Russian Camera Dump".

On March 10, 2022, Anonymous claimed responsibility for the theft and publication of 820 GB worth of documents from Roskomnadzor. It is being released by Distributed Denial of Secrets (DDoSecrets). DDoSecrets writes about the leak: "This dataset was released in the buildup to, in the midst of, or in the aftermath of a cyberwar or hybrid war. Therefore, there is an increased chance of malware, ulterior motives and altered or implanted data, or false flags/fake personas. As a result, we encourage readers, researchers and journalists to take additional care with the data." The leak revealed a new online surveillance system tracking anti-war sentiment and other "threats" to Russian stability and the Putin regime.

On March 25, 2022, DDoSecrets published approximately 22.5 gigabytes of emails allegedly from the Central Bank of Russia, which was allegedly hacked by Anonymous actor Thblckrbbtworld.

On March 29, 2022, DDoSecrets published 2.4 gigabytes of emails from RostProekt, which was hacked by Anonymous actor DepaixPorteur. RostProekt is a Russian construction company. The RostProekt hack was dubbed as a "celebration" for the grand opening of the now-defunct AnonymousLeaks, a leak site solely for leaks from the Anonymous Collective.

On April 1, 2022, DDoSecrets published approximately 79,000 emails from Transneft, which was hacked by Anonymous.

On April 2, 2022, DDoSecrets published approximately 200,000 emails from Capital Legal Services, which was hacked by Anonymous actor Wh1t3Sh4d0w.

On April 4, 2022, DDoSecrets published more than 900,000 emails from the All-Russia State Television and Radio Broadcasting Company (VGTRK), which were hacked by the Anonymous aligned NB65.

On April 7, 2022, DDoSecrets published approximately 100,000 emails from Aerogas, which was hacked by Anonymous.

On April 11, 2022, DDoSecrets published approximately 230,000 emails from Blagoveshchensk City Administration, which was hacked by Anonymous.

On April 12, 2022, which is the Cosmonautics Day that commemorates cosmonaut Yuri Gagarin's Vostok 1 mission to space, Anonymous-affiliated hacktivist Cyber Anakin broke into five Russian websites, specifically the Russian heavy metal band Aria's site, a Russian hockey site, a Panerai watch enthusiasts site, a basketball team site, and an educational organization site, to put up defacement pages, with pop up messages such as "Glory to Ukraine! Glory to the defenders" and "I find the orcs lack of morality disturbing". They also included videos featuring Darth Vader and the "Star Wars" song "The Imperial March," the online game Roblox, disco song "Kung Fu Fighting", Mandopop music video "Fragile", and a performance of Ukraine's national anthem by cellist Yo-Yo Ma. Besides that, memes showing characters wearing a Guy Fawkes mask and the acronym "A.S.S." which stands for "Anonymous Strategic Support" were shown.

On April 12, 2022 Anonymous leaked 446 GB of data from Russian Ministry of Culture.

On April 13, 2022, DDoSecrets published roughly 495,000 emails from Technotec, which was hacked by the Anonymous.

On April 15, 2022, DDoSecrets published roughly 400 gigabytes of emails from the Continent Express, a Russian travel agency, which was hacked by the Anonymous aligned NB65.

On April 18, 2022, DDoSecrets published 222 gigabytes of emails, files and decryption keys from Gazregion, which was hacked by three different sources around the same time, including the Anonymous actor DepaixPorteur, the Anonymous affiliated NB65, and an unnamed actor.

On April 19, 2022, DDoSecrets published 15,600 emails from GUOV i GS - General Dept. of Troops and Civil Construction, which was hacked by the Anonymous actor DepaixPorteur.

On April 20, 2022, DDoSecrets published 250,000 emails from Worldwide Invest, which was hacked by Anonymous.

On April 20, 2022, DDoSecrets published 426,000 emails from Worldwide Invest, which was hacked by Anonymous.

On April 22, 2022, DDoSecrets published 365,000 emails from Accent Capital, which was hacked by Anonymous.

On April 25, 2022, DDoSecrets published nearly 1,100,000 emails from ALET/АЛЕТ, which was hacked by Anonymous.

On May 5, 2022, DDoSecrets published roughly 480 gigabytes of files, emails and disk images from CorpMSP, which was hacked by the Anonymous aligned NB65.

On May 9, 2022, which is the Victory Day in Russia, the video-hosting website RuTube was taken down through cyberattacks, which Anonymous had claimed responsibility later. Furthermore, Network Battalion 65 (NB65), a hacktivist group affiliated with Anonymous, has reportedly hacked Russian payment processor Qiwi. A total of 10.5 terabytes of data including transaction records and customers' credit cards had been exfiltrated. They further infected Qiwi with ransomwares and threatened to release more customer records.

On May 11, 2022, DDoSecrets published over 466 gigabytes of emails from the Nikolai M. Knipovich Polar Research Institute of Marine Fisheries and Oceanography (PINRO), which was hacked by Anonymous actors DepaixPorteur and B00daMooda.

On May 12, 2022, DDoSecrets published over 7,000 emails from the Achinsk City Government, which was hacked by Anonymous.

On May 13, 2022, DDoSecrets published 116,500 emails from SOCAR Energoresource, which was hacked by Anonymous.

On May 30, 2022, DDoSecrets published more than 184 gigabytes of emails from Metprom Group LLC, which was hacked by the Anonymous actors DepaixPorteur, B00daMooda, and Wh1t3Sh4d0w.

On June 1, 2022, DDoSecrets published more than 1,000,000 emails from Vyberi Radio, which was hacked by Anonymous.

On June 3, 2022, DDoSecrets published 1 terabyte of data, which included millions of files including emails, court files, client data, classified data, photographs, videos, payment information, and more from Rustam Kurmaev and Partners (RKPLaw), which was hacked by Anonymous actors DepaixPorteur and B00daMooda.

On September 1, 2022, Russian taxi service Yandex Taxi was hacked which sent dozens of cars to a location resulting in a traffic jam that lasted up to three hours. Anonymous claimed responsibility for the hack shortly thereafter. At the same time the collective hacked the United Nations Event Proposal Tool website to post flags such as that of Taiwan and its pro-independence movement, Kosovo, Belarusian opposition, Russian opposition, Green Ukraine, alongside photo depicting Yuri Gagarin as a clown and six pages of manifesto text which reportedly emphasized that Yuri Gagarin had ejected from his capsule before it landed and should not qualify as the first man in space, and called for the establishment of a 30-kilometer demilitarized zone around the Zaporizhzhia Nuclear Power Plant. The defacement ends with closing comments by Anonymous such as calls for American citizens to "vote wisely" in the 2022 United States Senate elections and 2022 United States House of Representatives elections to avoid going down "Russia's path." Previously Anonymous hacked a Chinese real estate website and reportedly pointed out that the Soviet Vostok 1 crewed space mission fell afoul of the stipulation within Section 8, paragraph 2.15, item b of the Fédération Aéronautique Internationale (FAI) sporting code which stated that a flight is deemed to be uncompleted if "any member of the crew definitively leaves the spacecraft during flight", as its pilot Yuri Gagarin had ejected from his capsule before it landed. From that, they reportedly said that America's Alan Shepard and John Glenn, who were both inside their capsules when they splashed down, should be considered as first humans in space. Regarding the technicality, although there are pragmatist arguments which posited that Alan Shepard and John Glenn should be considered as first person to legally complete a spaceflight mission and the first to actually complete an orbit around Earth respectively,  the National Air and Space Museum reported that the FAI reworked its guidelines by emphasizing the launch, orbiting, and safe return of the human over the method in which the landing took place to enable Gagarin to receive the record for the first person in space, along with other claimed records specifically that of duration in orbital flight&mdash;108 minutes, greatest altitude in earth orbital flight by a single person spacecraft (which remains standing as of August 2022)&mdash;327 km, and the greatest mass lifted in earth orbital flight&mdash;4725 kg.

On April 11, 2023, nearing the occasion of Cosmonautics Day, the collective defaced the website of a Russian law enforcement support foundation where they uploaded a memorial to Tseng Sheng-guang, a Taiwanese soldier who died fighting for Ukraine while hacking into the control systems of machines, reporting including a blast furnace. The defacements begin with the Anonymous logo, a photo of Ukrainian President Volodymyr Zelensky, a video of the New York Philharmonic playing the Ukrainian national anthem, and a meme promoting the North Atlantic Fellas Organization, an Internet meme movement founded to counter Russian propaganda at the time of the Russian invasion of Ukraine in 2022. These memes were followed by a YouTube video of Ukrainian rap group Kalush Orchestra performing "Stefania" at the Eurovision Song Contest in 2022. Anonymous claimed that it has "always made great strides against Russia since Russia began its immoral war against Ukraine." In addition, they reiterated their claim that Russian cosmonaut Yuri Gagarin cannot be considered as the first man in space because he ejected from his capsule before it landed. They went on to claim that the "firsts" achieved by the Soviet Union during the Space Race were exaggerated and had been surpassed by the achievements of the United States.

On July 18, 2023, Taiwan News reported that Anonymous inserted Taiwanese flag, photo of Tsai Ing-wen along with the flag of fictional "Belgorod People's Republic" on two United Nations websites, specifically that of UN's High-Level Political Forum on Sustainable Development (HLPF) and the UN Academy websites. There they protested Google's policy of deleting inactive accounts, stating that it is "harsh" and "destroys history". Furthermore, they uploaded a text file disputing space exploration claims by the Soviet Union and a PDF version of a paper titled "Wikipedia's Intentional Distortion of the History of the Holocaust," by professors Jan Grabowski and Shira Klein. On the UN academy website, a pixilated version of Taiwan's national flag and the lyrics of the Taiwanese national anthem are shown. Anonymous further threatened Russia against using tactical nuclear weapons in Ukraine or jeopardizing the safety of the Zaporizhzhia Nuclear Power Plant, remarking that the collective possessed the "ultimate ace card," without revealing what it is other than to say that it is a "trick rather than a treat."