The arrest of Pavel Durov, the founder of Telegram, on August 24, 2024, has ignited international controversy and sparked outrage among hacktivist groups.
Durov’s platforms, Vkontakte and Telegram, have been crucial for online communication and information sharing within hacktivist communities.
Vkontakte, once known for its lax copyright enforcement and vast collection of illicit content, served as a hub for forming groups, exchanging information, and accessing pirated materials.
It has raised concerns about freedom of speech and the responsibilities of social media platforms, while also galvanizing hacktivists to defend Durov and his platforms.
Telegram emerged as a popular platform for pro-Russian hacktivists due to its minimal moderation and Durov’s libertarian approach to privacy and free speech, as these groups used the platform to organize, create communities, and trade illicit services and software.
Durov’s detention in France sparked a surprising show of unity among the Russian government, pro-Russian activists, and even exiled Russian opposition members, who all expressed their disapproval of the French authorities’ decision.
While the government and opposition issued formal statements, pro-Russian hacktivists launched online campaigns in support of Durov and Telegram, highlighting the platform’s importance to their activities.
Following news of Pavel Durov’s arrest in France, Russian hacktivist groups, including UserSec, CyberDragon, and EvilWeb, quickly rallied on Telegram to launch a cyberattack campaign against France.
Alliances like High Society and Holy League amplified the call, mobilizing their members to join the effort. The collective, united under the hashtag #OpDurov, sought to leverage their technical expertise and digital infrastructure to target French government and private sector systems.
The coordinated cyberattacks initiated by UserSec and the People’s Cyber Army against French institutions, including the Court of Cassation, the Administrative Court of Paris, and AXA Group, have escalated significantly.
Additional pro-Russian hacktivist groups such as Cyber Dragon, ReconSploit, Evilweb, Rootspolit, CGPlnet, and RipperSec have joined the coalition, expanding the scope and intensity of the attacks.
These groups have launched distributed denial-of-service (DDoS) attacks and other techniques to disrupt critical online services and infrastructure within France.
Hacktivists launched a multi-pronged cyberattack, targeting critical infrastructure such as airports, ferry services, and government websites. While a large-scale assault was anticipated on the day of the court hearing, activity was relatively subdued.
The People’s Cyber Army claimed to have compromised the industrial control systems of a French dam, providing video evidence of their intrusion into a power transmission control panel manufactured by ELEC-ENR.
According to Cyble, a leaked FSB Border Service database, “Kordon 2023,” revealed Pavel Durov’s frequent travel to Russia between 2014 and 2023, contradicting his claims of severed ties.
The database contained sensitive information such as his full name, travel dates, locations, modes of transportation, and destinations, while his presence in Russia on the day Roskomnadzor lifted the Telegram ban added to the intrigue.
It mysteriously disappeared shortly after its appearance, raising questions about its origin and purpose. Russian investigative journalists verified the database’s authenticity and accuracy.