The world-renowned hacker group announced the launch of a cyber war, and once broke a scandal that shocked the world
Editor | Wang Yafeng
On February 25, Russia officially launched a large-scale military operation against Ukraine. The turbulent political situation has once again attracted the attention of the international community, and countries and organizations such as the United States and the European Union are also constantly "pressuring" Russia.
According to the Russian Satellite News Agency, the world's largest hacker group "Anonymous" has declared a cyber war against Russia and has destroyed dozens of websites in response to Russia's military operations in Ukraine. They claimed responsibility for the cyber attack on the Russian TV station (RT).
Following the announcement, Anonymous briefly shut down RT.com, as well as the websites of the Kremlin, the Russian government and the Russian Ministry of Defense.
According to RT (Russian TV), their website has been under DDoS attack since the evening of February 24, and about 27% of the addresses carrying out DDoS attacks are located in the United States.
However, the attack did not seem to last long. After a few hours, RT's website seemed to have been restored.
1
Anonymous: A decentralized group
It once broke a shocking scandal
"Anonymous" originated from an American forum called 4chan. It became popular in 2003. It is a decentralized hacker organization with no system and no leader, but it participates in many political events.
The Guy Fawkes mask of the protagonist V in the movie "V for Vendetta" is the symbol of "Anonymous". Their core concept is "anonymity, equality, and freedom". As long as you agree with this concept, you can become a member of Anonymous.
They are extremely good at mass attacks, and habitually use DDoS, cross-site scripting (XSS), and application-layer protocol attacks. They have also done many things that shocked the world, and outside opinion of the organization is mixed.
In 2020, this hacker group called Anonymous released revelations that shocked the world: that 193 people were killed by police in Minnesota, that Trump was suspected of sexually assaulting a 13-year-old girl, and that Princess Diana and the sexy goddess Marilyn Monroe were murdered because they had discovered corruption and child sex trafficking among government and royal family members...
As soon as these revelations came out, Twitter exploded and an uproar broke out. The topic #Anonymous once became the number one trend in the world.
Although Twitter frantically deleted a large number of posts at the time, it did not stop the spread of Anonymous' declaration of war video. Instead, the video and the government documents they released spread more and more widely.
That is not all. They have also carried out high-profile attacks on the dark web.
In October 2011, they released a video announcing that they would launch "Operation Darknet". This time, they used DDoS tactics to attack the largest child pornography website on the dark web, Lolita City.
What is a DDoS tactic?
Simply put, if a website normally has 1,000 users, it can probably process about 5,000 requests per second. But once the attack starts, the attackers use machines to send hundreds of thousands of requests per second, exceeding the load limit and causing the website to crash.
The website, Lolita City, had existed on the dark web for several years and contained millions of child pornography products. The day after Anonymous launched the attack, Lolita City was completely dismantled, and the usernames of 1,589 users, uploaded child pornography images, and account usage periods were made public, with the true identities of the site operators and owners indicated. Eventually, Interpol intervened and the site's operators and owners were arrested.
Not only that, Anonymous's attacks also target terrorist organizations.
In 2015, during the Paris terrorist attacks, Anonymous declared war on the Iraqi extremist organization ISIS, with the code name "Freeze ISIS". They destroyed more than 149 related websites, deleted more than 5,900 IS propaganda videos, closed more than 100,000 ISIS propaganda accounts on social media, and changed the avatars of some accounts to cute Japanese "ISIS girls"...
However, among their countless attacks there are many just actions, but also many that are chaotic, wrong or even evil.
The United States, Japan, North Korea, the Philippines and other countries have all been targets of Anonymous, and even China has been attacked by this organization many times.
When Hong Kong was hit by the "Amendment Storm", Anonymous published the personal information of 628 suspected police officers on the Internet, including their names, phone numbers, addresses, etc.
2
Russia also has the strongest
Dark Hacker Group
Although Anonymous is known as the world's largest hacker group, Russian hackers are no pushovers. They may not be the strongest hackers, but in terms of global fame the two are evenly matched.
Let's take a brief look at the hacker groups that like to stir up trouble and make a lot of noise. These hacker groups are as follows:
1. Fancy Bear, the one that disrupted politics, economy, and entertainment
Fancy Bear is one of the hacker groups widely believed to be most closely linked to the Kremlin.
This mysterious "bear" has many names, also known as Sofacy Group, APT28, Pawn Storm, Sednit, etc. According to the earliest traceability records, it may have been established in 2007. It is believed to be related to the GRU, the main intelligence agency of the Kremlin. Another theory is that it was established in 2000 and is an organization specializing in collecting defense and geopolitical intelligence, with targets including the Republic of Georgia, Eastern European governments and armies, and European security organizations. It is a typical representative of advanced persistent threat (APT) attacks.
Image: Fancy Bear official website
Fancy Bear is accused of carrying out attacks on the DNC and think tanks in the U.S. The hacker group has also targeted government agencies in Germany, Denmark, France and elsewhere in an effort to exert sociopolitical influence during critical political periods, such as the months before major elections.
Some US cybersecurity companies suspect that Fancy Bear is the mastermind behind a series of events including Hillary Clinton's "email scandal". However, Fancy Bear is mysterious and people still don't know basic questions such as "how many hackers are there in Fancy Bear" and "whether Fancy Bear is a fixed organization or a loose alliance".
This organization has another hobby: exposing fakes! However, its "exposing" is aimed at the sports world.
In 2017, the IAAF said it discovered that its system had been attacked and that a hacker group had taken metadata about athletes' "therapeutic use exemptions" from the file server and stored it in another newly created file.
The hacker group that attacked the IAAF is "Fancy Bear". Previously, it had hacked into the database of the World Anti-Doping Agency (WADA) and exposed dozens of athletes who used banned drugs "for therapeutic purposes" with the agency's permission, including Biles, the four-time gold medalist at the Rio Olympics, and tennis stars Venus and Serena Williams.
2. Russia’s “Twin Bears”: “Cozy Bear”
"Cozy Bear" is listed as the advanced persistent threat APT29 and is also believed to be related to the Russian Intelligence Agency. It has hacked the Pentagon; the Netherlands also stated that "Cozy Bear" and "Fancy Bear" have attempted to hack into various Dutch ministries, including the Ministry of General Affairs.
The "Cozy Bear" hacker group also participated in the cyber attack on the DNC, and the group is also believed to be a hacker group affiliated with the Russian Federal Security Service (FSB).
"Cozy Bear" is believed to have been conducting long-term cyber espionage activities with the goal of collecting various sensitive intelligence information. A few hours after Trump announced his victory in the 2016 US presidential election, the organization launched a wave of cyber attacks against a large number of US non-governmental organizations. "Cozy Bear" also targets well-known global think tanks and private organizations.
3. Turla, which loves to hack celebrities and satellites, is nicknamed "Venomous Bear"
Turla is one of the most well-known Russian hacker groups. Turla, also known as Snake, Uroburos, Venomous Bear, or KRYPTON, is one of the most advanced threat groups to date.
Kaspersky researchers believe that Turla evolved from the famous cyber espionage group Moonlight Maze in the 1990s. It has been active for more than a decade. The group is believed to have launched a cyber attack against the US Department of Defense (DoD) in 2008, and various international government agencies, embassies, medical research and pharmaceutical companies have also been its targets.
Security researchers have discovered that Turla was behind the hack of Britney Spears' Instagram account, using custom malware that was able to hack not only a celebrity's account, but also a satellite network provider in the Middle East.
4. CyberBerkut, which is on good terms with Russia
There are two theories about CyberBerkut. One is that it is a pro-Russian hacker group in Ukraine, and the other is that it is a Russian hacker group.
CyberBerkut is a group that emerged after the disbandment of the Berkut special forces. Its members are unknown and remain anonymous. The group positions itself as a hacker group that "helps Ukraine maintain its independence and prevents the West from protecting the neo-Nazi government and military invasion attempts."
On June 2, 2015, CyberBerkut published on its website the private correspondence between American billionaire George Soros and Ukrainian President Petro Poroshenko, which it had intercepted after hacking into the server of the Ukrainian Presidential Office.
The British Broadcasting Corporation BBC once evaluated CyberBerkut as one of the three largest hacker groups interfering in the Ukrainian conflict internationally. After investigation by the BBC, it was found that CyberBerkut has a distinct pro-Russian background. Last November, when US Vice President Biden visited Ukraine, several Ukrainian government websites were also hacked by the organization. When the government website was opened, the words "Joseph Biden is the leader of fascism" could be seen.
3
Ukraine has suffered three waves of
large-scale cyber attacks; the mastermind behind them is unknown
In fact, since 2022, Ukraine has suffered three large-scale cyber attacks.
According to incomplete statistics, on January 14, several government websites of Ukraine, including the Ministry of Foreign Affairs, Ministry of Education, Ministry of Internal Affairs, Ministry of Energy, etc., were closed due to a large-scale cyber attack. Even the websites of the British, American and Swedish embassies were affected.
Before the website was shut down, a message was posted warning Ukrainians to "prepare for the worst."
On February 15, the websites of Ukraine's Ministry of Defense and Armed Forces, along with other military and bank websites, were also shut down due to large-scale cyber attacks. The Ukrainian security department said that the attack was very powerful and was a reflection DDoS attack with a long duration and large attack traffic. The continuous attack lasted for 2 hours, 28 minutes and 10 seconds. The attack payloads used by the attackers conformed to the established specifications of each service protocol and mainly targeted ports 80 and 443 of the target, so the attack was clearly aimed and highly targeted.
The day before Russia officially launched its military operation, Ukraine faced its third and most sophisticated wave of "wiper" attacks this year, a new type of attack that can destroy data on infected computers.
The latest wave of "wiper" attacks began on the afternoon of the 23rd and intensified over the course of the day. NetBlocks, a UK internet security watchdog, posted information about the outage on Twitter, saying the incident "seems consistent with recent distributed denial of service (DDoS) attacks." DDoS attacks cause websites to crash and go offline by sending a large number of requests to them.
So far, it is unclear who is behind the attacks. U.S. and British cyber authorities have pointed the finger at Russian hackers, believing that the Russian government was directly behind the attacks, but Russia has denied involvement.
Now, the Ukrainian government has asked the country's underground hacker groups to provide volunteers to help the government protect critical infrastructure and conduct cyber espionage missions against the Russian military.