Anonymous Russia

Threat Actor Profile Updated 3 months ago
Download STIX
Preview STIX
Anonymous Russia, a malicious software (malware), has been associated with significant cyber-attacks, accounting for more than 30% of such incidents. This malware is affiliated with other hacktivist groups including Killnet, MIRAI, Venom, and has been involved in promoting Passion. Anonymous Russia, alongside pro-Russian groups like NoName057(16) and others, targeted Poland as well as individuals and organizations opposing the Russian invasion of Ukraine. The attacks included defacement and denial-of-service activities, causing substantial disruptions. The group amassed a following of 9,000 members but lagged significantly behind larger patriotic hacktivist groups. Despite this, its influence remained notable within the broader landscape of pro-Russia hacktivist entities such as Turla, XakNet, KillNet, NoName057(16), Anonymous Russia, and Cyber Army of Russia. However, the group experienced internal changes when Killnet announced the appointment of a new head for Anonymous Russia, named Radis, indicating shifts in its leadership structure. In recent developments, the original head of Anonymous Russia, Raty, was apprehended by Belarusian authorities after their identity was exposed by KillMilk, the leader of Killnet. Following this event, the original Telegram channel of Anonymous Russia was completely wiped and replaced by a new channel with the same name. Moreover, it was announced that the group would transform into a DDoS-for-hire entity, offering its services to any interested parties. This change signifies a shift in the group's modus operandi from primarily political motivations to a more commercial focus.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Cyber Army of Russia
2
The Cyber Army of Russia, a threat actor group known for its malicious cyber activities, has been identified as the most active entity claiming Distributed Denial of Service (DDoS) attacks against Ukraine. This information was revealed in recent research conducted by ASERT, which also highlighted th
Cyberarmyofrussia_reborn
1
CyberArmyofRussia_Reborn is a threat actor with suspected links to the GRU, Russia's main intelligence agency. This group has been associated with several high-profile cyberattacks, including those on US and Polish water utilities and a French dam. The group uses its Telegram channel to leak stolen
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Russia
Telegram
Ddos
Denial of Se...
Rat
Botnet
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
KillmilkUnspecified
3
KillMilk, a threat actor and leader of the hacking group Killnet, has been identified as Nikolai Serafimov, a 30-year-old Russian citizen. KillMilk has been instrumental in consolidating Russian hacktivist groups under Killnet's leadership, amassing a following of 8,000 members on his personal Teleg
KillNetUnspecified
3
Killnet is a pro-Russian threat actor group that has been linked to a series of disruptive cyberattacks, particularly targeting governments and organizations that have expressed support for Ukraine. The group's activities gained prominence after Russia was banned from the 2022 FIFA World Cup due to
Xaknet TeamUnspecified
1
XakNet Team is a notable threat actor that has emerged amidst the escalation of conflict in Ukraine. This group, along with other self-proclaimed hacktivist groups such as CyberArmyofRussia_Reborn and Infoccentr, have surfaced since the beginning of the war, engaging in malicious cyber activities. X
XakNetUnspecified
1
XakNet is a notable threat actor, potentially aligned with Russian interests, that has been implicated in various cyber attacks. This group emerged prominently during Russia's conflict with Ukraine and the subsequent ban on Russia from the 2022 FIFA World Cup. The Russian government was suspected of
NoName057Unspecified
1
NoName057 is a threat actor group known for its pro-Russian stance and execution of cyber-attacks with political motivations. In August 2023, the group made headlines when it launched Distributed Denial of Service (DDoS) attacks against multiple Czech banks and the Czech stock exchange. These attack
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Killnet's KillmilkUnspecified
1
None
Source Document References
Information about the Anonymous Russia Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
BankInfoSecurity
a year ago
KillNet DDoS Attacks Further Moscow's Psychological Agenda
BankInfoSecurity
10 months ago
Canada Confirms DDoS Attack Disrupted Airport Arrival Kiosks
CERT-EU
a year ago
Killnet Tries Building Russian Hacktivist Clout With Media Stunts
Flashpoint
a year ago
Killnet Ostracizes Leader of Anonymous Russia, Adding New Chapter to Pro-Kremlin Hacktivist Drama
BankInfoSecurity
10 months ago
Red Cross Tells Hacktivists: Stop Targeting Hospitals
BankInfoSecurity
10 months ago
Ukraine Cyber Defenders Prepare for Winter
CERT-EU
a year ago
Hacktivism Unveiled, April 2023 Insights Into the Footprints of Hacktivists
BankInfoSecurity
5 months ago
Down, Not Out: Russian Hacktivists Claiming DDoS Disruptions
BankInfoSecurity
a year ago
Modern-Day Hacktivist Chaos: Who's Really Behind the Mask?
CERT-EU
5 months ago
Down, Not Out: Russian Hacktivists Claiming DDoS Disruptions
Flashpoint
7 months ago
How Flashpoint Shaped the News in 2023: Data, Intelligence, and Domain Expertise
CERT-EU
a year ago
Cybercrime Front Lines in Russia-Ukraine War Move to Eastern and Northern Europe | #cybercrime | #infosec – National Cyber Security Consulting
CERT-EU
10 months ago
At least 23 Russian hacker groups targeted Ukraine in 2023, Ukraine’s cyber defense says