In just a few months, the AgainstTheWest hackers have made a name for themselves in the underworld of the web, without anyone understanding who they really are.
They are certainly intriguing, these AgainstTheWest members. Are they exemplary activists, some of them French? Or intelligence service agents carrying out an influence operation with false knowledge? Or just obsessed with myths? While it is not possible to settle the question, we can already trace their strange saga.
For AgainstTheWest, also known by its initials ATW and later as Blue Hornet, it all started on October 14, 2021. That day, the hacker group went public on the now-defunct Raidforums. In its second post on this site, which was central to data leaks, AgainstTheWest claimed to have hacked China’s central bank. The operation, which required two months of work, was called “renminbi,” in reference to the Chinese yuan. The group maintains that this unauthorized access gave it internal data, which was sold for just $1,200.
The group then claimed in late October that it had hacked China’s Ministry of Public Security. In mid-November, it provided samples of source code stolen from ByteDance, the creators of the social network TikTok. With this series of data leaks, recounted by independent security researcher Aaron de Vera, the hackers built themselves a solid reputation in the underworld of the web in just a few weeks.
In defense of liberal democracies
But their profile is surprising. As their name poorly suggests, these hackers want to defend Western liberal democracies. “We are a group of people who hold a grudge against authoritarian and corrupt governments,” they detailed in a thread published at the end of October on Raidforums.
They state their indignation at Chinese cyber-attacks. Another subject of indignation is Beijing’s support for North Korea. Finally, they are indignant at the fate reserved for the Uyghur minority. On GitHub, the group summarizes its activities as ranging across journalism, hacking, and cybersecurity.
In pursuit of fame, AgainstTheWest willingly plays the interview game, as in the interview published by Databreaches.net at the beginning of April. The interviewee claims that the group includes six former members of the intelligence services gathered around Pascal, a French first name that points to a connection between the group and France. So does the sparing use of a few words from Molière’s language, such as “thank you.”
The turning point of the Russian invasion
Not surprisingly, the Russian invasion of Ukraine would mark a turning point for AgainstTheWest. The group claims to have taken on the cybercriminals of “CoomingProject,” who had just announced that they had joined the Russian camp. The hackers indicate that they passed the data on the CoomingProject cybercriminals to the relevant French authorities, once again.
The hackers also claim that several electronic skirmishes began after the start of military operations. AgainstTheWest thus shared new data leaks targeting Russian companies and administrations, resulting from operation “ruble,” named after the Russian currency. The hackers claim to have also gotten their hands on information about Chinese and Russian hacking groups. They even published a dox of an alleged member of Killnet, a group of pro-Russian hackers.
For Cyberint, these exploits make them among the “most interesting” hacking operatives of the past few months. “Their abilities place them as one of the best so far,” summarizes this company in a post.
However, other researchers are more skeptical of ATW’s work. Cybersecurity firm Check Point questions whether the claimed hacks are genuine. “Further examination reveals that for many of the claims, there is no solid evidence other than the very general screenshots allegedly coming from the hacked organizations,” the company notes. SOCRadar is also wondering whether the group is bringing old leaks back online to promote itself.
A taste of mystery
The controversy should not displease this group, who are clearly masters of marketing through intrigue. The group chose as its avatar an image of Max Headroom, a reference to Eminem’s “Rap God” video. But this 80s science fiction series is famous today for a mysterious broadcast intrusion: a man wearing a mask of this character from the series briefly appeared on a local television station in Chicago in 1987. As for the first email address mentioned, [email protected], it disguises a sarcastic message by mentioning a URL that has become a legend on the web.
As for Pascal, who was reported to have contracted cancer in March, the group’s spokesperson specifies in a peculiar way: “We are not sure if this is the truth because only his parents told us that he died.” The hackers then claimed in a post, which has since been deleted, that they were a state group, which would be somewhat surprising if true. Finally, the hackers have announced several times that their activities have stopped, as shown in a message posted in mid-April on Telegram.
But more than a month later, rightly or wrongly, a new leak targeting Russian military intelligence (GRU) was recently attributed to them. “AgainstTheWest or BlueHornet no longer exists. However, I am now working with two intelligence agencies in Europe,” the person who runs the ATW mailbox nevertheless confirms to Numerama.
As Aaron de Vera pointed out in his newsletter, cybersecurity professionals can be wary when a group of alleged hacking operatives suddenly appears out of nowhere. “But with ‘Against the West’, there may be evidence of authenticity.” As such, the group’s sometimes confusing messages instead support the thesis that they are idealists: admittedly talented, but still amateurs.