By CYFIRMA Research
First Published on 27 Apr 2021
Following the coup in Myanmar by the country’s military forces which has detained the elected leader Aung San Suu Kyi and members of her National League for Democracy (NLD) party alleging fraud in the general election, massive protests have been taking place in the country against the coup. To suppress the protestors, the military blocked communication services, including internet and telecom services to quell the uprising. The media also has been prohibited to report on the protest and independent media companies licenses have been revoked which makes their reporting illegal.
In retaliation, several videos and images have surfaced online, predominantly on Twitter under the hashtag #WhatsHappeningInMyanmar, which has garnered huge support in the form of online protests, empathizing with the people and their cause.
The initial hacking campaign, carried out by a group called Myanmar Hackers, claimed to have successfully hacked government websites and a state-run news agency. The famous hacktivist collective, Anonymous, joined and pledged their unanimous support to continue the disruptive activities on the government websites and have launched a cyberwarfare operation, titled OpMyanmar. The hashtag has been trending with the group claiming to have brought down several government websites, ranging from the National Bank to the Presidency.
The Anonymous group has been actively using the hashtag and several Twitter handles, which have since emerged using handles akin to Anonymous, are actively posting target lists of future attacks as well as tweeting about unverified claims of DDoS attacks on organizations. Many Japanese organizations have been listed due to their alleged funding of the shell companies having ties to the Myanmar military- and helping them build a large-scale complex on the site of a military museum in one of the provinces. The Anonymous group is allegedly demanding an immediate suspension of the project and has threatened to carry out similar disruptive or humiliation attacks on the listed Japanese organizations.
The Anonymous Hacktivist group is a decentralized online collective with no specific affiliation. They advocate freedom of speech, individual privacy, and are staunch opponents of censorship and surveillance. The international group is assumed to comprise anyone who wants to become a member with its supporters being referred to as ‘anons’.
Rebellion has been their regular theme, and they have garnered a lot of support from the online audience. A primary characteristic of the group is the use of voice garbling or text-to-speech software that lets anons mask their voice in video messages, which is usually posted as a warning before an attack.
Their motto – “We are Anonymous. We are legion. We do not forgive, we do not forget. Expect us”, has become a famous caption to their Twitter handles and symbolizes socio-political resistance.
A striking characteristic of the Anonymous Group is the Guy Fawkes mask, portrayed in the novel and film ‘V for Vendetta’. It does not use any verified social media handles, with multiple groups using Twitter accounts and tagging each other for common causes and disseminating the group’s motives and campaigns.
The group first became popular in the early 2000s via the imageboard website ‘4chan’, known for its privacy and anonymity and became famous in 2008 when it targeted the Church of Scientology website in a DDoS attack to protest against the taking down of a Tom Cruise video on Youtube, which had him talking highly of Scientology, a controversial religious group.
What started as a campaign to show solidarity to the victims of the protest, has turned into a full-blown smear campaign comprising claims of successful hacks of Myanmar government websites, primarily via DDoS attacks and defacement. Various support groups, operating as Anonymous, Twitter, as identified by tracking the hashtag #OpMyanmar, have listed potential targets as well as proof of what appears to be reports of websites downtime. Few of the Twitter Handles of Anons actively posting and executing attacks related to OpMyanmar are:
The group has been using the hashtag #TangoDown to name and shame the websites as well as post screenshots to drive home their goal. Also, another prominent hashtag included #MilkTeaAlliance which again is an online solidarity movement primarily comprising of netizens from Hong Kong, Taiwan, Thailand, and Myanmar (Burma).
The purported attacks appear to have been carried out at the end of last month, wherein a series of tweets were observed in which various Myanmar organizations were allegedly targeted and the details posted, i.e., websites, name of the org., screenshots of website connection downtime.
The group, post its domestic targeting, spread its wings and began posting unverified tweets accusing Japan of supporting and funding the Myanmar military forces, as well as posting target lists which included links to various paste sites, again of which most of them are down or have been deleted, raising questions regarding the validity of these potential targets.
A few of the paste sites that were posted and found inactive or list being deleted are:
https://justpaste.it/opmyanmar_Japan_file
The major motivation behind targeting the Japanese government and a few of the country’s private organizations appears to be a development project named ‘Y Complex’, a USD 320 million complex that includes an Okura Prestige hotel, shops and offices, allegedly being built on a historic site owned by the Myanmar military in Yangon city centre.
According to the tweets, the Japanese investors, are Fujita Corporation, Tokyo Tatemono and the Japan Overseas Infrastructure Investment Corporation for Transport & Urban Development (JOIN), which allegedly control 80 per cent of Y Complex. JOIN is a Japanese Government entity. Further incriminating details of the project and the money trail has been detailed in the following link, which indicates the group’s intent to target and execute attacks on the Japanese organizations:
https://www.justiceformyanmar.org/stories/land-lease-payments-tie-japanese-gov-and-investors- to-myanmars-military
Research from one particular tweet, which posted a list of 105 organizations, called the Dirty list, hinted towards potential future targets spread across geographies supporting the Myanmar Military in its business ventures and violating human and environmental rights:
https://twitter.com/AEGISAllianceTM/status/1384963809853550598
From this list, 3 Japanese organizations were listed as follows:
fukken.co.jp – Fukken is a Japanese Civil Engineering Consultancy Company. Its subsidiary in Burma, Fukken Myanmar, carries out work for military-owned companies.
jcb.co.jp – Japan Credit Bureau (JCB), JCB is a Japanese card payment company. In Burma it is in a business relationship with the military-controlled Myawaddy Bank, providing card payment systems.
corp.asahi.co.jp – Osaka Asahi Group is a Japanese shipping and transport company. It owns Osaka Asahi Shipping, which in turn owns the Sinar Bali container ship. The Sinar Bali uses the military-owned Hteedan International Port in Yangon.
The primary motivation behind these smear campaigns by the anonymous groups, whose victim list also includes global oil & gas companies, is to suspend the major revenue of the Myanmar military, which is profits from Real estate and Oil & Gas, which supports the illegitimate junta’s rule.
1. The threat actor group is suspected of initiating attacks against government websites of Malaysia as part of its suspected operation – wake-up call with possible DDoS attacks. The alleged attacks were to be carried out in protest of the data leaks taking place across organizations in Malaysia and demanding the government taking more action to prevent such attacks.
Link: https://www.thestar.com.my/tech/tech-news/2021/01/26/security-expert-says-anonymous- malaysias-threat-must-be-taken-seriously-doesnt-expect-all-out-attack
Date: 25-Jan-2021
2. The threat actor group is suspected to be behind the takedown of the Law Enforcement agency website in Uganda through possible DDoS Attacks. The cyberattack carried out by group is believed to be in response to the loss of lives of protestors who were protesting against the arrest of high-profile political individual.
Link: https://redpepper.co.ug/2020/11/cyber-attacks-anonymous-hack-uganda-police-website-in-wake- of-bobi-wine-city-riots/
Date: 19-Nov-2020
3. The threat actor group is believed persuaded fans of Korean pop music to hijack the pro-police Twitter hashtag supporting Black Lives Matter and are alleged of taking down the Law Enforcement agency app by flooding it with K-pop fan videos. The threat actor is suspected to be behind the attack as the incident took place few days after they posted a video about targeting Law Enforcement agencies.
Link: https://www.darkreading.com/theedge/whats-anonymous-up-to-now/b/d-id/1338112 Date: 02-Jun-2020
4. The threat actor group is suspected of taking down the Law Enforcement agency website in the US by breaching its database and potentially leaking 798 emails and credentials. The threat actor is believed to be behind the attack as the incident took place a few days after posted a video was posted about targeting Law Enforcement agencies.
Link: https://www.darkreading.com/theedge/whats-anonymous-up-to-now/b/d-id/1338112
To download the full report, write to [email protected]