Cyber Incident Victim: K9 Web Protection
Date:
May 2018
Location:
Italy
Summary
A cyberattack targeting Symantec's K9 Web Protection service involved website defacement by the hacktivist group AnonPlus, which replaced the site's content with a political manifesto criticizing mass control through information manipulation. The attackers claimed no data theft or deletion occurred, aligning with their stated motive of disrupting entities perceived as enabling societal control. AnonPlus, affiliated with the broader Anonymous movement, has a history of similar actions against political targets and institutions, often leaking sensitive data, though this incident focused solely on temporary disruption. Symantec acknowledged the breach and initiated an investigation while restoring control of the affected site.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On the night of May 4-5, 2018, the hacktivist collective AnonPlus compromised the website of K9 Web Protection, a Symantec-owned internet filtering tool primarily used for home computer protection. The attackers executed a defacement attack, replacing the site's content with their political manifesto while displaying their signature symbol—a figure in dark clothing with a plus sign replacing the head. AnonPlus claimed the operation targeted entities contributing to mass control through information manipulation, asserting Symantec exploited its market position to pre-install software on consumer devices. The compromised site became inaccessible following the attack, though evidence remained visible through cached page versions that preserved the defaced content. Symantec confirmed awareness of the incident and initiated an investigation but disclosed no data theft or deletion occurred during the breach. The group emphasized their affiliation with Anonymous and stated they provided restoration copies to technicians for non-political targets, though Symantec regained control without publicly acknowledging receiving such assistance.
The incident marked AnonPlus's resurgence following previous attacks against Italian political targets, including League party leader Matteo Salvini’s websites and the Florentine Democratic Party, where they had leaked 23GB of staff emails in February 2018. K9 Web Protection’s targeting represented an escalation to international cybersecurity infrastructure, contrasting with prior politically focused operations. While the attack caused temporary service disruption and reputational exposure for Symantec as a leading antivirus provider, no operational systems beyond the public-facing website were confirmed compromised. Security experts cited the breach as evidence of vulnerabilities within established cybersecurity firms. Symantec’s public response remained limited to acknowledging the investigation without subsequent updates on remediation measures or technical findings.