"Anonymous prank calls the FSB customer service line" is about the extent of this.
If you really feel like DDOSing something, the good folks at the IT Army of Ukraine routinely post lists of specific targets focused on military, propaganda and banking sectors. https://t.me/itarmyofukraine2022 is the Telegram (note the "2022" at the end - there are others that copy the content but change the IPs for their own ends).
Just a reminder that this is the equivalent of spray painting a poster put up somewhere by the FSB, and doesn’t constitute any kind of incursion into any system the FSB relies on or cares about.
I'm not sure its even that. Nearly all of these "takedowns" by Anonymous have been websites that are currently under what's probably exponentially higher load than normal. Maybe some coordinated DDoS attempt, but it seems just as likely to me for it just to be crummily-constructed government sites buckling under high traffic.
Besides some data leaks you are right, most of these attacks are DDOSes. However is strange that russian authorities don't have the power or will to mitigate them.
I'm not sure there has been no mitigation done, the site has almost certainly been designed in a way where a DDOS attack against it won't impact the rest of the organization. Mitigation is more about causing failure to not really matter than it is about completely preventing failure. The point of a website like FSB.ru is to promote employment within the FSB, to encourage public support of the FSB, and to inform the public of the services the FSB provides. The website is useful but not critical to the FSB's mission. It's fine for this website to go down on rare occasions.
The FSB going out of their way to proactively ensure the site maintains 100% uptime even in the face of a rare, massive, and temporary DDOS campaign is expensive and a waste of resources. If you're going to focus your resources on keeping a website that hardly even matters up 100% of the time, you're going to end up having your IT organization disrupted in a far more meaningful way. The organization as a whole has limited resources and is regularly dealing with defending against the most advanced APT's in the world from infiltrating its network and disrupting its activities. Good stewardship of IT means good prioritization.
It’s probably not worth it to put some government agency’s page behind a ddos mitigation service before an actual attack. Those services can be expensive, and as has been mentioned in this thread, the FSB’s homepage isn’t really critical to anything.
Also, another reminder that the "hacker group Anonymous" (as opposed to the assorted spontaneously-assembled imageboard events and the anti-Scientology protest events) was a left-wing hactivist group that was infiltrated, then busted and jailed by the FBI. There's no reason to think that anything ascribed to anonymous isn't just a state cyberattack disguised as some sort of spontaneous populist expression.
That’s true, but a lot of the higher profile activities attributed to Anonymous was the particular group the parent comment is talking about. I know Kirtaner (founder of 420chan) was involved and has been talking about it a lot lately.
As a long term user of 420chan, I can say he has sadly lost the plot. All major happenings on the site were marked by his absence, and most downturns by his presence. He wasn't hiding in the shadows micromanaging the spooky anonymous hackers like he pretends nowadays, he's just a weirdo trying to relive and rewrite his glory days.
For most of its existence, 420chan has been plagued with administration incompetence and downtime, so I find it very hard to believe someone who can't even run a site is secretly masterful at hacking them.
The whole point about Anonymous is that it's a label for anyone to freely use. There have been dozens (at least) of hacker groups using the Anonymous moniker, nevermind all the splinter groups.
That is almost the definition of the "hacker group Anonymous". It / They are a swarm of swarms of undefined individuals who join these various swarms based on their own ideologies, motivations, availability, skills, and current level of life boredom.
This is it's greatest strength: if it hits "viral internet meme" popularity, it can actually achieve a productive level of coordination / chaos with no specific 'head' that can be cut off.
It's also it's greatest weakness: As you've described, the ability to (mis)attribute blame, ie. "state cyberattack disguised as ..." because there is no cohesive group to need the reputation points of claiming responsibility.
The article repeatedly calls Anyonymous "an international hacker group", which is a misnomer. They might as well just write "the hackers" without further specification.
Anyone from anywhere can and will call themselves "Anonymous". It could be CIA, an actual ring of cybercriminals, or a teenager with access to a botnet.
If you really feel like DDOSing something, the good folks at the IT Army of Ukraine routinely post lists of specific targets focused on military, propaganda and banking sectors. https://t.me/itarmyofukraine2022 is the Telegram (note the "2022" at the end - there are others that copy the content but change the IPs for their own ends).