Pro-Ukrainian hackers prepared a Victory Day surprise for Russia-backed separatists in eastern Ukraine on May 9, when the hacker groups Falcons Flame and Trinity took over nine of the militants' websites.
They referred to the operation as #OpMay9, the date in 1945 when Nazi Germany surrendered to the Soviet Union.
The defaced homepages included the official website of the separatist group Donetsk People's Republic, whose fighters control areas of Ukraine's Donetsk region, on which were published videos produced by the Ukrainian Institute of National Remembrance in 2015 about Ukrainian participation in the defeat of Nazism in World War II.
"Turned out [to be] symbolic [.] 9 websites of Russian terrorists on May 9 were hacked with defacement," a Falcons Flame tweet reads.
Russia occupied and forcibly annexed Crimea from Ukraine in early 2014 and has supported armed separatists in eastern Ukraine who still hold swaths of the Donbas region and, like officials in Moscow, have rejected the authority of the Kyiv government.
Some of the hacked websites displayed a mock message attributed to Aleksandr Zakharchenko, the self-proclaimed leader of Donetsk separatists, expressing hope that this year's Victory Day "will be over the Russo-fascist regime."
It added: "We believe that...Donbas will return to a peaceful life as a part of Ukraine to free from Kremlin oppression."
Hackers shared exclusive information and videos with InformNapalm, a Ukraine-based network of volunteer journalists and translators, shortly after the attack. One of the videos features proof that at least for some time the targeted websites were defaced:
Four of the hacked websites belong to elements of the militant umbrella group Donetsk People's Republic. Their homepage was subsequently unavailable, although it was renamed "Never Again!" in Ukrainian ("Nikoly Znovu!") -- one of the slogans that Ukrainian officials have adopted for May 9.
Roman Burko, InformNapalm's founder, speculated to RFE/RL's Current Time that administrators of the defaced websites might have taken them down completely after discovering the hack.
Four other affected websites were all radical anti-Ukrainian portals, including Vestnik Vernykh, or Messenger Of The Faithful.
The hackers also defaced the website of private Russian military company E.N.O.T. CORP, a radical nationalist group, some of whose members have fought in the Donbas. E.N.O.T. CORP's VK page includes a discussion board about the best traumatic weapons and one titled "hit list" with social-media profiles of people and companies deemed to be enemies.
Burko said Falcon Flames and Trinity are acquaintances who work in the IT sector. They cooperate with InformNapalm regularly and have contributed to some of the resource's biggest investigative projects.
In March, the groups leaked information from a mobile phone that purportedly belonged to an employee of the Russian Federal Penitentiary Service (FSEP) who had fought in the Donbas on the side of the pro-Russia separatists. In April, they leaked e-mails that appeared to show Moscow providing visas to foreigners who wanted to support pro-Russia separatists in the Ukrainian east.
