Cyber Incident Victim: Symantec

Between May 4 and 5, 2018, the hacktivist collective AnonPlus compromised a website belonging to Symantec, a leading cybersecurity firm known for its Norton antivirus software. The attackers targeted K9 Web Protection, a Symantec-owned web filtering tool primarily used in home environments to block malicious content. AnonPlus executed a defacement attack, replacing the site's original content with their political manifesto featuring their signature symbol—a figure in dark clothing with a plus sign replacing the head. The group claimed the attack was motivated by Symantec’s alleged role in enabling mass surveillance and manipulating public opinion through information control. Symantec confirmed awareness of the incident and initiated an investigation but emphasized no data theft or deletion occurred. The compromised site became inaccessible shortly after the attack, though archived cache versions preserved evidence of the defacement.

AnonPlus publicly claimed responsibility, framing the action as part of their broader campaign against entities they accused of suppressing free information. The group asserted affiliation with the Anonymous movement and cited prior operations, including February 2018 attacks against Italian political figures like Matteo Salvini, where they leaked 23GB of emails. Unlike those incidents, the Symantec breach involved no data exfiltration or permanent disruption. AnonPlus followed a self-described protocol of leaving restoration backups for technicians when attacking non-political targets, minimizing operational damage. The collective’s manifesto criticized antivirus vendors for pre-installing software on consumer devices, implying industry complicity in mass control. Symantec restored control of the K9 Web Protection site without disclosing technical details of the intrusion or subsequent remediation steps.