In keeping with the hybrid nature of the Russian invasion of Ukraine, several hacktivist and hacker groups have joined the fight in the beleaguered nation, including some hacktivists encouraged by the Ukrainian government itself. Although hacktivists have waged their version of cyber warfare primarily against Russian organizations, hacktivists sympathetic to Russia are also turning their guns on Ukraine.
Here are notable hacktivist events that have happened so far related to the Russian invasion of Ukraine.
- Ukraine’s IT army emerges: Ukrainian developers are joining a “computer army,” the Ukrainian computer army, which has given them specific challenges. Announced on February 26, the group already has nearly 200,000 users on its main Telegram channel, which it uses to distribute missions and coordinate operations. The group was apparently responsible for shutting down the API of Sberbank, one of Russia’s major banks, and the official website of Belarus’ Kremlin-aligned information policy. It is unclear whether the Ukrainian government is behind Ukraine’s IT army, although Ukrainian officials endorsed the effort.
- Anonymous claims credit for website takedowns. Late last week, a Twitter account claiming to represent Anonymous wrote that “the #Anonymous collective has taken down the website of the #Russian propaganda station RT News”. The website of Russian public broadcaster RT said it was the victim of a hacker attack, which it attributed to Anonymous.
- Belarusian Cyber Partisans claim train hacks. Activist hackers in Belarus called the Cyber Partisans are said to have hacked into the computers that control that country’s trains and brought some to a halt in the cities of Minsk and Orsha and the town of Osipovichi. The hackers allegedly compromised the rail system’s routing and switching devices and rendered them inoperable by encrypting the data stored there.
- AgainstTheWest targeted Russian interests. Another hacktivist group known as AgainstTheWest claims to have hacked a steady stream of Russian websites and companies, including Russian government contractor promen48.ru, Russian Railways, Dubna State University and the Joint Institute for Nuclear Research.
- Anon Leaks says it altered information about Putin’s yacht. Anon Leaks, a group purportedly spun off from Anonymous, said it changed the call sign of Russian President Vladimir Putin’s superyacht Graceful on MarineTraffic.com to FCKPTN. The hackers also found a way to alter the yacht’s tracking data, making it look like it had crashed on Snake Island in Ukraine and changing its destination to “hell”.
- Suspected hacktivists hacked into Russian electric vehicle charging stations. Hackers, presumably hacktivists, broke into electric vehicle charging stations along Russia’s M11 highway to display anti-Russian messages. The hackers likely gained access through a Ukrainian parts supplier called AutoEnterprise.
- “Patriotic Russian hackers” helped hit Ukrainian websites with DDoS attacks: Last week, some independent Russian hackers, dubbed “patriotic Russian hackers,” or vigilantes who operate in a hacktivist-like mode, claimed to have helped bring down Ukrainian websites in the second round of DDoS attacks that hit the country.
- Russian media hacked to display anti-Russian messages. The websites of several Russian media outlets were hacked to display anti-Russian messages, with some sites going offline. The affected sites were TASS, rbc.ru, kommersant.ru, fontanka.ru and iz.ru from the Izvestia outlet. Some Russian media sources claim that Anonymous was behind these hacks.
- Researcher leaks messages from the Conti gang: A Ukrainian security researcher has leaked more than 60,000 internal messages belonging to the Conti ransomware operation after the gang publicly sided with Russia over the invasion of Ukraine. (Conti backed down from its strong support for Russia after its Ukrainian affiliates objected.) The leaked messages were taken by a Ukrainian security researcher who allegedly gained access to Conti’s backend XMPP server from a logging server for the Jabber communications system used by the ransomware gang.
Hacktivism is not necessarily a good idea
The main question surrounding the hacktivism accompanying Russia’s invasion of Ukraine is whether this type of hacking is a healthy development for Ukraine’s defense. “It should be noted that the situation is truly unprecedented,” Emsisoft threat analyst Brett Callow told CSO. “I don’t remember anything like this happening before. We obviously have several activist groups operating on behalf of both sides, as well as some cybercrime groups taking sides, as well as intelligence services invariably doing what they normally do.”
“Generally speaking, hacktivism isn’t necessarily a good idea,” says Callow. “It’s obviously illegal, and the consequences can be quite unforeseen. Sometimes a DDoS attack can affect more than the targeted resource.” In the case of the Ukrainian IT Army, “the Ukrainian government may fear that it will not receive as much help as it otherwise could from the cyber side and therefore seeks to take matters into its own hands by recruiting the army.”
Another argument against incitement to hacktivism is that hacktivists are not always truthful and can contribute to misinformation. Callow doubts, for example, that the claims of AgainstTheWest are true. “The claims seem unlikely to be true,” he says.
One of the most concerning risks is that activists interfere with other strategically planned operations. “For example, if a Western intelligence agency compromised, stealthily compromised, a Russian company’s network, it could all be destroyed if a Russian company were to remediate an attack by activists. Activists will seek to cause short-term disruption, while intelligence agencies may have longer-term goals, including gathering information.”
All is fair in love and war
Chris Anthony, founder and CEO of TeamWorx Security, leans more favorably towards hacktivism under these circumstances. “We’re talking about an effort that stands up and challenges the bad guys. I think it’s a huge part of who we are as humans,” Anthony told CSO.
In the 1700s, “we used to surround the wagons and defend each other. I think hacktivism is the same thing, just in the 21st century. There is an aggressor, and it is our country, and we are not happy. We are going to use all the means at our disposal to show you that we can manage on our own. We can fight back and we can defend ourselves.”
Hacktivists can especially help when the target faces such an unbalanced fight, as in Ukraine. “Sometimes it’s a war of attrition,” says Anthony. “When you call on every mobile device and computer, assembled and united against the cause, that’s a pretty powerful thing. I think that’s an advantage for Ukraine.”
Garret Grajek, CEO of YouAttest, also supports what hacktivists are doing, saying, in essence, that all is fair in love and war. “The powerful unwanted site intrusion tool works both ways,” Grajek told CSO. “The Russians immediately attacked Ukrainian and government sites. Now hackers have officially aligned themselves with Ukraine, and hacktivist groups like Anonymous have begun hacking and attacking Russian official sites and affiliated news sites. This is war, and it is to be expected. The gloves fell off when the tanks arrived.”
Copyright © 2022 IDG Communications, Inc.