From WikiAlpha
Jump to: navigation, search

AgainstTheWest, otherwise known as ATW, is a hacktivist group. Believed to be based in western Europe, the group gained notoriety in 2022 for a breach of the Rosatom.[1]

The group has been rebraded to use the name BlueHornet as well as AgainstTheWest.[2]

Group Origins & The Russo-Ukrainian War

Dating back to October 2021, AgainstTheWest have been engaging in cyber-attacks prominently on the country of China.[3] However, this was switched up when the group decided to target Russian companies and government agencies in November and December 2021.[4][5][6]

Ahead of the Russian invasion of Ukraine in 2022, AgainstTheWest has been working on leaking data surround Russian companies and government agencies in the form of source code, sensitive documents, images and blueprints. The group has collaborated on many occasions with Anonymous via leaks on Telegram and Twitter.[7][8][9][10]

It is widely believed that AgainstTheWest is a front for state-sponsored hackers, as the group have used sophisticated methods of attacks commonly employed by nation-state groups.[11]

Notable Data breaches

Rosatom: On February 28, AgainstTheWest had published Rosatom's Allure and source code from their development platform.[12][13]

Gazprom: On March 5th, AgainstTheWest released the internal source code belonging to Russian energy giant, Gazprom.[14]

PromEngineering: On March 1st, AgainstTheWest release data belonging to PromEngineering, in the form of blueprints of power source development.[15]

Nestlé: On March 21st, AgainstTheWest had issued a warning shot to Nestle and other companies refusing to backout of Russia ahead of the Russo-Ukrainian War.[16]

People's Bank of China: On October 15th, AgainstTheWest put-up the sale of the backend source code belonging to the Bank of China.[17]

Sberbank: On March 2nd, AgainstTheWest published the data belonging to Sberbank, one of Russia's major state-owned banks.[18][19][20]

NPKTAIR: A day later, on March 3rd, AgainstTheWest went ahead and published data belonging to NPKTAIR, a Russian tool-manufacturer.[21]

Almaz-Antey: On January 18th, AgainstTheWest published the a massive collection of data belonging to Almaz-Antey, a major Russian defence contractor.[22]


  1. blueliv (2022-03-07). "The Russia-Ukraine crisis shakes up the cybercriminal ecosystem" (in en-US). 
  2. thenews24, thenews24 (21 March 2022). "Anonymous hackers launch 'warning shot' at those who refuse to withdraw from Russia". 
  3. "Dark Web Roundup: December 2021" (in en-US). 2022-01-13. 
  4. DeVera, Backchannel and Aaron (2021-12-10). "AgainstTheWest, the hacking group wreaking havoc on Chinese government and corporate targets". 
  5. "AgainstTheWest threatens to leak data of government agencies in China" (in en-US). 2021-12-07. 
  6. "Russian-Supporting Ransomware Gang Member Leaks Group's Chats" (in en-US). 2022-03-03. 
  7. Toulas, Bill (February 28, 2022). "Ukraine says its 'IT Army' has taken down key Russian sites". bleepingcomputer: pp. 1. 
  8. "Understanding Russia's "Sovereign Internet": What Happens If Russia Isolates Itself from the Global Internet?" (in en-US). 2022-03-11. 
  9. "Anonymní válka. Jak vážně brát údajné úspěchy hackerských skupin?" (in cs-CZ). 2022-03-10. 
  10. "Anonymous and its affiliates continue to cause damage to Russia - RedPacket Security" (in en-GB). 2022-03-02. 
  11. (in en) Ukraine's Hacker Army Is Targeting Russia,, retrieved 2022-03-23 
  12. "Hackers breach Rosatom, Russia's state nuclear energy corporation" (in en-US). 2022-02-28. 
  13. Faife, Corin (2022-03-03). "Anonymous-linked group hacks Russian space research site, claims to leak mission files" (in en). 
  14. "ATW hackers linked to Anonymous breached into Russian Energy Corporation" (in en-US). 2022-03-05. 
  15. "Russia or Ukraine: Hacking groups take sides" (in en). 2022-02-25. 
  16. "Anonymous Hackers Fire 'Warning Shot' at Companies Refusing to Pull Out of Russia - HS Today" (in en-US). 2022-03-21. 
  17. "Mysterious AgainstTheWest Claims Hacked Chinese TV Station" (in en-US). 2021-11-25. 
  18. "Sberbank, a Russian state-owned bank has been breached" (in en-US). 2022-03-01. 
  19. "Anonymous and its affiliates continue to cause damage to Russia" (in en-US). 2022-03-02. 
  20. "Nixu Threat Intelligence Bulletin #3: Russia's War in Ukraine" (in en). 
  21. "Anonymous and its affiliates continue to cause damage to Russia" (in en-US). 2022-03-02. 
  22. Michaelis, Lee (2022-01-24). "The source confirmed the data leak of the Almaz-Antey company - Gazeta.Ru" (in en-US).