Menu
Browse

Cyber Threat Actor: Anonymous Russia

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Activist
Russia
10 incidents
Profile

Killnet is a pro‑Russian hacktivist collective that is publicly identified as Anonymous Russia and operates a subordinate unit known as Legion. Open‑source reporting describes the group as aligning with Russian state interests while being labeled explicitly as a hacktivist rather than a state‑sponsored entity. The collective has claimed responsibility for a series of distributed denial‑of‑service actions that are characterized in public statements as protests against perceived anti‑Russian policies. No additional aliases or formal organizational structure are disclosed in the source material.

The group’s activity is consistently described as disruptive, with the primary objective being to interrupt the availability of online services rather than to pursue financial gain or espionage. Targets have included government web portals, aviation infrastructure, critical‑information‑systems portals and entities located in countries that have expressed support for Ukraine. The FBI’s assessment cited in the reporting notes that the impact of these operations is limited because the attacks focus on public‑facing websites instead of the underlying services they support. No statements of intent are limited to the disruption narrative presented by the actors themselves.

The only technique explicitly referenced in the material is the use of distributed denial‑of‑service attacks; no specific malware families, exploit kits or initial‑access vectors are mentioned. Attribution is openly claimed by the actors themselves, who identify as part of the Killnet/Anonymous Russia network and reference the Legion sub‑group for certain operations. Representative campaigns cited in the sources include a DDoS takedown of the European Parliament’s website, repeated disruptions of major U.S. airport sites such as LAX and ATL, DDoS attempts on U.S. government domains in Colorado, Kentucky and Mississippi, an alleged successful outage of CISA’s Protected Critical Infrastructure Information Management System after thwarted attempts on the U.S. Treasury, and actions against Romania, Italy, Norway and Lithuania, the latter two attributed to the Legion faction. These examples illustrate the group’s recurrent reliance on volumetric traffic‑flooding to achieve temporary service interruptions.

Incidents
Attributed incidents available to members
10 incidents
Sources
Sources available to members
2 sources