Menu
Browse

Cyber Threat Actor: AnonPlus

Actor Type Location Known Incidents
 Icon
Activist
Italy
8 incidents
Profile

AnonPlus is a hacktivist collective operating primarily in Italy, publicly affiliated with the broader Anonymous movement but distinct from regional subgroups like Anonymous Italia. The group gained notoriety between 2017 and 2018 for high-profile cyberattacks against Italian political entities, media organizations, and technology firms, often leaking sensitive data to advance ideological objectives. Their operations consistently targeted entities perceived as enabling social control, corruption, or information manipulation, aligning with a self-described mission to "restore media dignity" and combat mass surveillance. AnonPlus employed website defacements as a signature tactic, replacing legitimate content with political manifestos criticizing institutional power structures while frequently exfiltrating and publishing victim data through social media platforms like Twitter.

The group demonstrated a consistent focus on Italian political targets, including breaches against the Democratic Party's Florence branch in February 2018 where they leaked member lists containing personal addresses and contact details of prominent figures like Matteo Renzi. They similarly attacked the League party's infrastructure, claiming access to internal communications of leader Matteo Salvini. AnonPlus expanded operations to municipal targets like Bologna's civic network in April 2018, causing extended service disruptions to force deadline extensions for public services, and media outlets including IlGiornale, where they published fabricated news about Silvio Berlusconi's imprisonment. Technical analysis of their 2018 breach against the Italian Society of Authors and Publishers revealed exploitation of unpatched Drupal vulnerabilities, indicating opportunistic targeting of outdated web infrastructure. While primarily Italy-centric, the group also claimed intrusions against Central American governmental bodies and cybersecurity firms like Symantec, defacing the K9 Web Protection page to denounce corporate complicity in mass surveillance without data theft. Law enforcement interventions occurred in isolated cases, such as the arrest of an individual linked to the PD Florence attack who claimed non-political motives, though AnonPlus maintained persistent operational activity across multiple campaigns emphasizing anti-establishment rhetoric through coordinated digital disruptions.

Incidents
Attributed incidents available to members
8 incidents
Sources
Sources available to members
6 sources