Anonymous exposes Russian soldiers

Revelations of Russian troops’ butchery in Ukraine have driven hacking group Anonymous to redouble its attacks on Russia’s government and institutions, as it declares war on private enterprises just days after publishing the personal details of 120,000 Russian invaders.

The list of soldiers, which was published online for public consumption after being leaked to Ukrainian authorities earlier in March, includes names, addresses, passport and other details – a major compromise of Russia’s armed forces apparently intended to facilitate the identification of perpetrators during war crime investigations.

The group went so far as to name the Russian commander that it says is responsible for the massacre in the town of Bucha, where investigators have discovered the bodies of hundreds of civilians murdered in cold blood by occupying Russian forces.

Reports suggest Anonymous has been supplying the spoils of its information war with the Ukrainian government – whose Ministry of Defense reportedly published a list of the details of 620 Russian spies and FSB intelligence officers – and the group has promised a dump of banking data after reporting that it had hacked Russia’s Central Bank.

The wanton hacking of Russian targets typifies an escalation of the conflict outside the parameters of the kinetic conflict – and analysts believe the continued intervention of Anonymous could prove deadly effective in destabilising business and government confidence in Russia and outside of it.

“It creates a situation where it’s adding chaos,” Spencer Wilcox, chief security officer and executive director for technology and security with PNM Resources, said during a recent (ISC)² webinar analysing the cyber war that has emerged around Russia’s Ukrainian invasion.

“It’s the same thing you saw on the high school playground, where you saw a fight and someone else ran over and said ‘go get him’. And that’s the kind of situation we’re seeing now.”

“You’ve got a group of people who are going in and creating opportunistic targets. They’re also sharing with anybody who wants to pay attention, secrets that are being obtained from allegedly Russian targets.”

Expanding the scope of its war

Even as Western political leaders wrestle with the challenge of further tightening sanctions on Russia without provoking all-out war, there are signs Anonymous has broadened the scope of its attacks and is now targeting the entirety of what remains of Russia’s crippled economy.

“Civilian companies are now within our sights,” the hacking group recently tweeted as it announced the ransomware compromise of Continent Express, a Russian travel management company that Anonymous affiliate Network Battalion 65 (NB65) claimed to have infected with Conti ransomware.

“We warned you that no internet-facing technology is off limits to us,” the group wrote. “We’ve warned you repeatedly that until you stop we will press harder and harder until we cripple every single piece of tech, every information system, and every network we find.”

“After seeing the unwarranted loss of life and destruction caused by the hands of Russian soldiers against unarmed civilians, we are doubling down on our word…. You can blame your President for all of this.”

Anonymous has previously threatened Western companies that continue to operate in Russia, but its attack on non-government sovereign businesses reflects yet another escalation in a sustained campaign of hacking that has also recently seen the publication of 786.2GB of emails and files taken from Russian state-owned broadcaster VGTRK.

The emails reportedly span 22 years and are dated as recent as March this year, discussing operational issues as well as escalating international sanctions against Russia.

Anonymous declared a cyber war against the Russian government at the beginning of the invasion, hitting a range of targets including Russia’s central bank and hacking VGTRK’s subsidiary stations to broadcast uncensored footage of the Ukrainian invasion.

The compromises are likely to continue, Wilcox said, warning that some activities may be false-flag deceptions but likening the expanding hacker campaign to the non-government organisations that engage for humanitarian or other reasons during times of conflict.

“I would expect that we’re going to see continued escalation of the non-state actors,” he said, “to sow chaos across people that we’re crowdsourcing to be enemies from the west.”

Indiscriminate hacking of private-sector companies could particularly challenge the insurance industry, which has struggled to keep up with spiralling cyber security losses and – in the wake of a ruling that cyber war is actuarially different to physical war – could begin walking away from cyber security insurance as uncertainty dominates.

“We’re going to see insurance carriers begin to exit the markets, because this is too chaotic,” Wilcox said. “It’s not something they can place their bets on, and be effective in determining who those targets are going to be. And that’s not the way insurance works.”