[BreachExchange] Anonymous Hackers Fire ‘Warning Shot’ at Companies Refusing to Pull Out of Russia

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Mon Mar 21 12:17:37 EDT 2022


https://www.hstoday.us/featured/anonymous-hackers-fire-warning-shot-at-companies-refusing-to-pull-out-of-russia/

Anonymous hacktivists warned that the next #OpRussia target will be
corporations that refuse to pull their business from Russia as one group of
hackers decided to try to use their data haul from a Russian company to
financially help the people of Ukraine.

“We call on all companies that continue to operate in Russia by paying
taxes to the budget of the Kremlin’s criminal regime: Pull out of Russia!
We give you 48 hours to reflect and withdraw from Russia or else you will
be under our target!” a prominent Anonymous account tweeted Sunday.

The same account reported Thursday that the #OpRussia cyber offensive
started nearly a month ago by the collective was “launching unprecedented
attacks on the websites of Russian gov’t. Increasing their capacity at peak
times from 500 GB earlier, it is now up to 1 TB. That is, two to three
times more powerful than the most serious incidents.”

And one hacker who has promised for days a major data dump tweeted that
they were first expecting a reply on a ransom request — stressing that if
the ransom was paid it would not be lining their pockets but would be
donated as “free money for Ukraine.”

That same hacker, going by the Twitter handle DepaixPorteur, launched an
operation Sunday to print out messages on hijacked printers countering
Russian propaganda about the war along with instructions on how to install
the Tor browser to evade government censors. Fifteen people working on the
project were able to send more than 100,000 copies to printers across
Russia in two hours, the account announced.

On March 13, DepaixPorteur teased on Twitter that a “huge” data dump was
forthcoming “that’s gonna blow Russia away,” adding the following day that
they have “hundreds if not thousands of gigabytes of data to compile.”
Throughout the #OpRussia cyber campaign, hackers have frequently posted
data from their intrusions into government and company systems, ranging
from phone lists up to giant troves of sensitive data.

On March 18, the hacker tweeted about the effort to extract ransom from the
hacked entity: “So we’ve decided we’re going to ransom this Russian company
for their data before we dump it, and if they pay, we will donate it to
#Ukraine @ukraine‘s ethereum address. That way Russian corporations will be
paying Ukraine, to fight themselves… To people who are saying ‘they won’t
pay, they have backups’. We don’t care. Money wasn’t our initial intention
anyway. We’re happy to dump the data for free. But if they do pay, it’s
free money for #Ukraine. Also we’re encrypting their data and deleting
backups :)”

“Yes we’re still going to dump the data we’ve been hyping all week. It’s
fucking HUGE, but we’re waiting for a ransom response before we dump it.
Appreciate your guys patience! Going to need all the help we can
translating it after it dumps,” the account tweeted Sunday, adding, “Why
would it matter if they pay or not if we plan on dumping it anyway? If they
pay, cool free money for #Ukraine, if not then we still dump it as planned.”

The hacker announced the previous weekend that they had conducted
penetration testing on 14,000 cameras around Kyiv — because “if we can, the
Russians can as well” — and found vulnerabilities in 300. “We’ll bring this
to the attention of #Ukraine IT as soon as possible. But it’s a lot better
than we were expecting,” they tweeted, adding that they would be moving on
to doing pentesting for other major Ukrainian cities’ cameras too.

Anonymous called for a worldwide boycott of Nestle products, claiming
attacks on the company’s sites over the past few days — and “that was only
a warning shot” — after the company, which has more than 7,000 employees in
Russia, said in a March 11 statement that they would “continue to do our
utmost to ensure a reliable supply of safe and essential food products for
the local people.” Nestle is far from the only company that has decided to
keep a foothold in Russia; for example, pizza chain Papa John’s said it
would suspend corporate operations in the country but a U.S. franchise
operator said 190 stores in Russia would remain open because “at the end of
the day, they appreciate a good pizza.”

The Anonymous calls against Nestle grew louder over the weekend. “As the
death toll climbs You have been warned and now Breached. Anonymous is
holding you responsible for the murder of defenseless children and mothers.
Nestle Leave #Russia,” said one tweet.

BlueHornet/AgainstTheWest, hackers who are working with Anonymous, reported
Sunday taking down Nestle’s French corporate site. “Seems that they’ve
fallen back to their .fr subdomain… Not like that matters. CloudFlare won’t
protect you @Nestle,” the group tweeted.

One prominent Anonymous account tweeted footage of the destruction in
coastal Mariupol, declaring, “The entire city was destroyed in 20 days by
Russian criminals. companies finance this war by sending money to the Putin
regime). The world is watching! All organizations that finance #Russia will
be targeted by #Anonymous…”

“Leroy Merlin, Auchan, Decathlon deciding not to leave the Russian market,
put their profit before solidarity with the victims of the genocide so we
will replace the barcodes of their products with invalid prices … blood
money must be stopped,” a video stated, showing sticker labels being
printed out with the Anonymous signature and “Free Ukraine” to place over
bar codes in the retailers’ stores — and, like other hacker-led information
warfare operations in #OpRussia, inviting non-hacker citizens to print out
the labels and take part. Photos also showed activists placing stickers
advising shoppers of the retailers’ actions on the handles of shopping
carts.


Anonymous programmers Squad303 created the 1920.in tool for anybody to send
random Russians text messages warning that the people of Russia would
suffer as a result of nations’ response to Vladimir Putin’s aggression and
that they need to know the truth about his unprovoked war. A week after its
launch, non-hackers supporting the #OpRussia initiative had sent more than
7 million text messages. That is now up to more than 30 million messages
countering Russian propaganda, and Squad303 has expanded the tool to be
able to send emails, WhatsApp messages, and now phone calls to Russians.

“Anonymous is the armed arm of the people of the free world against the
Kremlin and its supporters,” Squad303 said in a weekend video encouraging
even more everyday concerned citizens to become digital warriors and reach
out to Russians. “Operation Russia has become the largest cyber offensive
in the history of the world. Within a matter of hours, Anonymous shattered
the myth of Russia’s cyber warfare power.”

“Anonymous is a global tool to provide support to those in need, for each
and every one of us – no matter who we are or where we live!” they added.
“We don’t need to buy guns! Our weapons are our smartphones!”

Russian hackers were furiously trying to attack 1920.in, with Squad303
reporting “dozens” of attacks Saturday. “The Kremlin is afraid of YOU,” the
group tweeted. “No matter how many forces and resources they direct against
us, YOU are UNSTOPPABLE!”

Anonymous, GhostSec, Squad303 and ShdwSEC released a video message to
Russian citizens Saturday stressing that “your president is not fighting
the Nazis, he has some in his own ministers.”

“Don’t you see that your president is building a wall around your nation?”
the video asked. “While you all have your attention fixed on this war, you
give wildcard to your legislators, handing over your destiny to the
executive power… the people have always been stronger.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220321/18069dda/attachment.html>


More information about the BreachExchange mailing list