Pro-Russian hackers claim THEY were responsible for the AT&T outage that left 70,000 people stuck in SOS mode – but experts say claims are dubious
- Manipulated screenshots and other documents appear to prove responsibility
- This strategy can be used to boost a group’s reputation even without real evidence
- READ MORE: Russia-linked hackers who targeted Royal Mail have been put in a lurch
A pro-Russian hacktivist group has claimed responsibility for the AT&T outages that left many customers’ phones stuck in “SOS mode.”
Groups 62IX, the People Liberation Front and Anonymous Legion claimed responsibility for the incident.
These groups, which were criticized by a cybersecurity expert as pro-Russian, have also claimed responsibility for other US telecommunications disruptions.
But the claim is false, claims an expert on cybersecurity and hacktivism, who goes by the alias ‘CyberKnow’ in a post on
It’s an example of what the writer called “post-event victim claiming” designed to sow confusion and enhance their reputation.
The claims about AT&T’s outages came from multiple groups, including one called “Anonymous Legion,” which uses the Guy Fawkes mask as its signature look.
CyberKnow claims to be an expert in ‘situational awareness’ and ‘threat intelligence’, as well as a ‘hacktivist tracker’ and ‘meme farmer’.
Two members of the group have been hit with sanctions.
“Pro-Russian hacktivists falsely claim the outage of AT&T and other US telecommunications,” CyberKnow wrote.
“62IX, the People’s Liberation Front and Anonymous Legion claim responsibility,” they continued.
‘What we have here is an example of ‘post-event victim claiming’ – where hacktivist groups use screenshots, like this example from downdetector, once an event has a lot of media attention and then try to claim it was their attack. Anonymous Sudan has also done this from time to time. It is a form of information manipulation and also an attempt to build internal reputation in the hacktivist community.”
Basically, once a disruption has occurred, a group concocts evidence that they were responsible.
The purpose of such an action is twofold: it spreads disinformation and enhances a group’s reputation as powerful and prodigious among other hackers.
A screenshot accompanying the
This screenshot from Downdetector, shared on Discord, purports to show that the People Liberation Front was responsible for multiple telecommunications disruptions.
So far, authorities have not mentioned who is responsible for the AT&T outage, or whether the problem appeared to be due to hackers.
Although the groups are not responsible, they are not idle threat makers either.
CyberKnow calls them ‘pro-Russian’
For example, 62IX has a history of ransomware attacks, where they encrypt all files on a computer network and threaten to delete them unless they receive payment.
Based on reports from their victims, the group changes the file names, eventually using ’62IX’, i.e. victims know which files have been locked up by the group.
CyberKnow has called the groups “pro-Russian,” but Anonymous has shown its opposition to Putin. declare war about Russia’s cybersecurity ecosystem last year.
This story will be updated with additional information as it becomes available.