Cyber Threat Actor: Cyber.Anarchy.Squad
| Actor Type | Location | Known Incidents |
Activist
|
Ukraine
|
2 incidents |
|---|
Profile
Cyber.Anarchy.Squad, also referenced as Cyber Anarchy Squad, is a pro‑Ukrainian hacker group whose known location is Ukraine. The actor has publicly claimed responsibility for operations against Russian entities, focusing its activities on organizations based in Russia. Targeted sectors include cybersecurity firms, telecommunications providers, retail companies, and jewelry manufacturers, indicating a pattern of striking Russian‑based businesses across multiple industries. The group’s stated objectives, as expressed in its communications, involve causing disruption to victim infrastructure and leaking or destroying sensitive data, rather than pursuing financial gain or espionage.
In terms of tactics, the group has employed encryption of virtual machines and physical workstations to render systems unusable, accompanied by the destruction of large volumes of data measured in terabytes. It has also damaged network equipment to induce service outages that severed connectivity between the Russian Central Bank and financial institutions. To substantiate its claims, Cyber.Anarchy.Squad has shared screenshots, network diagrams, and purported internal communications via Telegram and file‑sharing services such as Mega. No specific malware families or initial‑access vectors are detailed in the available sources, and the group’s tooling appears centered on using public platforms for data dissemination and proof‑of‑concept sharing.
Attribution to a state sponsor is not explicitly established in the public record; the actor is described as a hacktivist collective aligned with Ukrainian interests, with occasional references to arrests of individuals conducting cyber operations against domestic institutions. Notable campaigns highlighted in reporting include the June 2024 attack on the Russian cybersecurity firm Avanpost, in which over 400 virtual machines and workstations were encrypted, more than 60 terabytes of data were destroyed, and approximately 390 gigabytes of alleged internal information were leaked. Another representative operation is the June 2023 assault on the Russian telecom provider Infotel JSC, which damaged network equipment, triggered a major outage that disrupted online payments for numerous banks, and was accompanied by the group’s claim of having destroyed the provider’s infrastructure entirely. These incidents illustrate the group’s focus on disruptive and data‑leaking actions against Russian targets.
