By CYFIRMA Research
First Published on 17 May 2021
Following the Japanese government’s announcement approving the plan to release radioactive contaminated water from the Fukushima Daiichi Nuclear Power Plant into the Pacific Ocean by 2023, a suspected Anonymous member has posted multiple threats on Twitter since April 13, 2021, in protest against this political decision.
The famous hacktivist collective, Anonymous, has gathered forces and pledged unanimous support for disruptive activities aimed primarily at the TEPCO website, and has launched a cyberwarfare operation, titled OpFukushima, to this end. The hashtag has been trending, with the group claiming to have breached TEPCO’s website and posting unverified data on a paste site.
The Anonymous group has been actively using the hashtag, and several Twitter handles that have since emerged, with names akin to Anonymous, have been posting target lists for future attacks as well as unverified claims of network-based attacks on Japanese organizations. These lists include Japanese organizations with no connection to the nuclear incident or to TEPCO. Anonymous is allegedly demanding an immediate suspension of the project, and has threatened to carry out similar disruptive or humiliation attacks on the listed Japanese organizations.
In this report, the CYFIRMA threat research team summarizes what has been detected so far regarding OpFukushima activities, in an attempt to provide a clear view of actual threats against Japanese organizations.
Active since 2003, the Anonymous Hacktivist group is a decentralized online collective with no specific affiliation. They advocate freedom of speech, individual privacy, and are staunch opponents of censorship and surveillance. The international group is assumed to comprise anyone who wants to become a member with its supporters being referred to as ‘anons’.
Rebellion has been their regular theme, and they have garnered a lot of support from the online audience. A primary characteristic of the group is the use of voice garbling or text-to-speech software that lets anons mask their voices in video messages, which are usually posted as a warning prior to an attack.
Their motto, “We are Anonymous. We are legion. We do not forgive, we do not forget. Expect us”, has become a famous caption to their Twitter handles and symbolizes socio-political resistance.
A striking characteristic of Anonymous is the Guy Fawkes mask, portrayed in the novel and film ‘V for Vendetta’. Anonymous does not use any verified social media handles, with multiple groups using Twitter accounts and tagging each other for common causes and disseminating the group’s motives and campaigns.
The group first became popular in the early 2000s via the message boards of the imageboard website 4chan, known for its privacy and anonymity. It became famous in 2008 when it targeted the Church of Scientology website in a DDoS attack to protest the taking down of a Tom Cruise video on YouTube, in which he spoke highly of Scientology, a controversial religious group.
As part of the campaign, Anonymous has been posting several links related to the environmental disaster, including Pacific Ocean pollution, loss of marine biodiversity and radioactive damage. Various support groups operating as Anonymous, primarily on the social media platform Twitter, as identified by tracking the hashtag #OpFukushima, have listed potential targets as well as proof in the form of what appear to be reports of TEPCO credentials. A few of the Twitter handles of anons actively posting and executing attacks related to OpFukushima are:
The group has been using the hashtag #TangoDown to name and shame the websites as well as post screenshots to drive home their goal.
The purported attacks appear to have been carried out at the end of last month, when a series of tweets was observed in which the alleged primary culprit, TEPCO, was targeted and details were posted, i.e., websites, name of the organization, IP address and credentials.
The group, in a post last month, listed Japanese organizations, along with TEPCO, to cause confusion while diverting attention from the main target and raising questions regarding the validity of the other potential targets.
This is corroborated by Anonymous’s numerous tweets accusing TEPCO of being the primary agency behind the 2012 disaster, as well as of now being given the authority to release the radioactive contaminated water into the Pacific Ocean.
DDoS Attack: The Anonymous group is known to largely employ Distributed Denial of Service (DDoS) attacks, in which they flood a website’s server with requests that cause it to crash, making the website inaccessible.
Website Defacement: Another major attack method of Anonymous is defacement – wherein the target website’s pages are replaced with the hacktivists’ messages and graphics.
The group also uses more significant techniques such as doxing, in which private or sensitive information is stolen, destroying data using computer viruses, and “phishing” for extracting personal data.
As part of OpFukushima, the Anonymous group posted names of Japanese organizations on paste links; on research, these were found to have no connection to the nuclear disaster or to TEPCO. To draw attention away from the main target, the group has listed other significant organizations, allegedly as a diversionary tactic, and reportedly has no intention of following up on its entire target list, as seen in the past.
Research on public forums revealed the list of Japanese organizations, likely to have been accessed from the paste links, posted on April 25, 2021.
The list above was gathered from the source mentioned above, which tracks all Anonymous operations. Since that particular post, no significant update or attack methodology, including a plan or specific target, has been posted; for whatever reason, there has been no follow-up activity. This suggests that the Anonymous group is not reliable and that the targets it posts are meant to garner attention. The URLs and IPs that the group posts are, most of the time, picked up from open sources, and no sensitive information is gathered or posted by the group, which indicates that the collective is not reliable and does not possess the resources to follow up on the threats it issues.
The group has also posted a file dump of documents that, on verification, were found to be nowhere near confidential and seemed to have been picked up from open sources.
Based on their past attacks and on verification of the link mentioned above, the Anonymous group posts target lists to issue threats as part of its hacktivist nature. So far, barring a few instances, the threats have not been followed by a substantial attack, and the claims of sites being down are merely screenshots of live traffic, which can be easily doctored. In the OpFukushima operation, as witnessed, the group has claimed to have breached TEPCO, but no substantial proof except screenshots of credentials was posted. The list of Japanese entities is about a month old, and the group has moved on to other burning issues, for instance, OpIsrael, OpColumbia, etc. This indicates that the collective does not have the wherewithal to follow up on its operations, and its scattered presence, as well as its unfulfilled past threats, proves that the group is not serious and is merely a social causes activist out to raise awareness.
With the Fukushima news garnering limited attention from international media, the Anonymous group is trying to spread the news and make its presence felt by exposing TEPCO and pressuring the Japanese government to withdraw the order to release contaminated radioactive water into the Pacific Ocean. To achieve this end goal, anonymity is the perfect tool under which the group operates to unabashedly execute its operations.
In this chaotic arrangement, the group does not focus on a single campaign at a time, as evidenced on Twitter, and the lack of specific directives or hierarchical structure makes one question the authenticity of the various claims. The TTPs of the group suggest that it operates in small, spread-out groups with hacktivism being the main prerogative. The lack of sophistication in its tactics, though untraceable, proves that the group is not backed by any nation-state to carry out espionage-type attacks. Being decentralized dilutes the overall agenda, resulting in low-impact attacks that are often reversible by large organizations focused on cybersecurity practices.
As of April 21, 2021, no statements or target lists have been published by Anonymous and no signs of a major attack have been identified. Possible related operations include “OpGreenRights,” which has been protesting environmental issues, and “OpNuke,” which has previously included Japanese nuclear-related organizations on the target list.