- Manipulated screenshots and other documents appear to prove responsibility
- This strategy can be used to bolster a group’s reputation, even without real evidence.
A pro-Russian hacktivist group has claimed responsibility for AT&T outages that left many customers’ phones stuck in “SOS mode.”
The groups 62IX, the Popular Liberation Front and the Anonymous Legion claimed responsibility for the incident.
These groups, which one cybersecurity expert criticized for being pro-Russian, also claimed responsibility for other telecommunications outages in the United States.
But the claim is false, said a cybersecurity and hacktivism expert who uses the alias ‘CyberKnow’ in a post on X.
It’s an example of what the writer called “post-event victim claims,” designed to create confusion and bolster the groups’ reputation.
Claims about AT&T outages came from several groups, including one called ‘Anonymous Legion’, which uses the Guy Fawkes mask as its signature look.
CyberKnow claims to be an expert in “situational awareness” and “threat intelligence,” as well as a “hacktivist tracker” and “meme farmer.”
“Pro-Russian hacktivists falsely claim AT&T and other US telecommunications outages,” CyberKnow wrote.
“62IX, the Popular Liberation Front and the Anonymous Legion claim to be responsible,” they continued.
“What we have here is an example of ‘post-event victim claim’, where hacktivist groups use screenshots, like this downdetector example, once an event has a lot of media attention and then try to claim that it was their attack. Anonymous Sudan has also done this on occasion. It is a form of information manipulation and also an attempt to build an internal reputation in the hacktivist community.”
In short, once a disruption has occurred, a group fabricates evidence that they were responsible.
The objectives of such action are twofold: to spread misinformation and to reinforce the reputation of a group as powerful and prodigious among other hackers.
A screenshot attached to the X post showed that someone had shared data from telecommunications outages on the social media app Discord, using it to claim responsibility on behalf of the People’s Liberation Front.
This screenshot from Downdetector, shared on Discord, purports to show that the People’s Liberation Front was responsible for multiple telecommunications outages.
So far, authorities have not identified who is responsible for the AT&T outage, or whether the problem was due to hackers.
Even if the groups are not responsible, they are not makers of idle threats either.
CyberKnow calls them “pro-Russian.”
62IX, for example, has a history of ransomware attacks, in which it encrypts all files on a computer network and threatens to delete them unless it receives payment.
According to reports from its victims, the group changes file names and adds “62IX” at the end so that victims know which files have been locked by the group.
CyberKnow referred to the groups as “pro-Russian,” but Anonymous has shown its opposition to Putin, declaring war on Russia’s cybersecurity ecosystem last year.