Menu
Browse

Cyber Threat Actor: AgainstTheWest

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Activist
United States of America
2 incidents
Profile

AgainstTheWest, also known as ATW, is a hacktivist group that operates under the broader Anonymous collective. The group has been publicly identified as originating from the United States of America. It aligns itself with Anonymous’s self‑declared mission to oppose perceived injustices through online actions. ATW has used its alias in several announcements related to operations against Russian entities.

The group’s targeting has focused on Russian government institutions, state‑owned corporations, military organizations and affiliated cybercrime groups. These targets are located primarily within the Russian Federation and, to a lesser extent, Belarus. Their stated objective is to disrupt Russian operations and expose information that could aid Ukrainian resistance efforts. Activities have included the leakage of internal documents, source code and surveillance material to undermine the adversary’s capabilities.

Observed tactics involve breaching public‑facing websites to extract databases containing subdomains, backend IP addresses and project information. The group has exfiltrated source code from energy firms such as Gazprom and has leaked internal chat logs and malware source code from the Conti ransomware syndicate. In addition, ATW has compromised IP‑based surveillance cameras to obtain live feeds of Ukrainian movements. These actions demonstrate a focus on data theft and the repurposing of leaked material rather than the deployment of custom malware.

A representative campaign is the #OpRussia initiative launched after the 2022 invasion of Ukraine, during which ATW claimed responsibility for the breach of Gazprom’s database and the release of its WellPro project data. The group also disclosed the database of the Russian Ministry of Economic Development and the gov.ru domain, publishing subdomains and server IPs. Further, ATW distributed alleged Russian invasion plans, Black Sea Fleet strategic files and accessed surveillance cameras to monitor Ukrainian troop movements. The operation also included the publication of Conti ransomware internal communications and the associated malware source code.

Attribution to ATW is derived from its self‑identification as an Anonymous‑linked entity and from multiple threat‑intelligence reports that associate the alias with the described incidents. No public evidence links the group to a state sponsor or a criminal consortium; it is characterized as a hacktivist actor. The group’s known geographic base is the United States of America, as noted in open‑source references. These facts define the current public profile of AgainstTheWest.

Incidents
Attributed incidents available to members
2 incidents
Sources
Sources available to members
1 source