The Thousand Masks: Anonymous

← Home·Gallery·Techniques

Threat Intelligence Tarot

Major Arcana · 20

Hacktivist (decentralized, global)

★★★★★

risk 2/5

✦ The Thousand Masks ✦

Anonymous

Anon · AnonOps · Various splinter cells

GovernmentsCorporationsLaw enforcementControversial organizations

Active since ~2003 · Political protest, Anti-censorship, Corporate accountability, Lulz

It is not an organization. It has no leader, no members, no headquarters. It is a decision - made independently, simultaneously, by thousands of people wearing the same mask. When it chooses a target, the target knows. Everyone knows.

Tactics & Techniques

RCN

RDV

INI

EXC

PRS

PRV

EVA

CRD

DSC

LAT

COL

EXF

IMP

T1498.001

Direct Network Flood

Impact

T1190

Exploit Public-Facing Application

Initial Access

T1530

Data from Cloud Storage

Collection

T1491.002

External Defacement

Impact

Notable Operations

◆Operation Payback (RIAA/MPAA DDoS, 2010)
◆HBGary Federal breach and email release (2011)
◆Arab Spring support operations
◆OpISIS following Paris attacks (2015)
◆Russia leaks following Ukraine invasion (2022)

Defenses

▸
DDoS mitigation service (Cloudflare, Akamai)
NIST CSF: PR.DS ↗
▸
Web application firewall for public-facing sites
CIS Control 13 ↗
▸
Incident response plan for reputational and data leak events
NIST CSF: RS.CO ↗
▸
Cloud storage access controls and public bucket auditing
CIS Control 13 ↗

Reversed: Their Weakness

The lack of central coordination is Anonymous's tactical weakness. Operations are uneven, sometimes counterproductive, and frequently claimed by unaffiliated actors. The mask is available to anyone, including those with poor judgment.

Share this adversary profile

← → arrow keys to browse

swipe to browse

← PreviousThe Void Next →The Storm

Related Adversaries

Data sourced from MITRE ATT&CK. For educational purposes.