- Posts from an Anonymous-affiliated Twitter account singled out Western companies, demanding that they immediately cease operating in Russia.
- Some of the targeted companies said they had already publicly announced such decisions.
- Other companies have since withdrawn business activity from Russia, but many forces — such as moral obligations, mitigation of reputational damage, the cost of sanction compliance and franchise agreements — are at play.
The "hacktivist" collective known as Anonymous said it has a new target in its "cyber war" against Russia — Western businesses that are still doing business there.
A post on March 21 from a Twitter account named @YourAnonTV stated: "We call on all companies that continue to operate in Russia by paying taxes to the budget of the Kremlin's criminal regime: Pull out of Russia!"
The tweet, which has been liked more than 23,000 times, gave companies 48 hours to comply.
Get top local stories in Connecticut delivered to you every morning. Sign up for NBC Connecticut's News Headlines newsletter.
The threat, which was later echoed on other Anonymous-affiliated Twitter accounts, included a photo with the logos of some 40 companies, including household names such as Burger King, Subway and General Mills.
The account later tagged more companies to the post, ostensibly putting them on notice that they, too, could soon be targeted.
Money Report
Incorrectly targeted?
CNBC contacted the companies mentioned in this story for comment. Most responses mirrored companies' published press releases, which are linked throughout this story, that came after the posts.
Tire firm Bridgestone and Dunkin' said by the time they were targeted by Anonymous, they had already publicly announced that they were pulling business from Russia.
Both companies also replied directly to Anonymous on Twitter. Bridgestone's reply linked to a press release, and Dunkin' linked to media coverage of its decision, both which predated Anonymous' post.
Twitter users also pointed out that other companies, such as Citrix, had already announced similar measures. A blog posted on Citrix's website states: "Unfortunately, we see many incorrect reports in social and traditional media concerning Citrix operations in Russia."
Three targeted oil field service companies — Halliburton, Baker Hughes and Schlumberger — had also already issued announcements about their Russian business operations. The statements followed a Washington Post article that implored readers to stop investing in companies deemed to be "funding Putin's war."
Intentional or 'fog of war?'
Cyberattacks during the "fog of war" are dangerous, said Marianne Bailey, a cybersecurity partner at the consulting firm Guidehouse and former cybersecurity executive with the U.S. National Security Agency.
"A cyber strike back … could be directed to the wrong place," she said.
However, it's also possible Anonymous wasn't impressed by some of these company's pledges. Some companies — including Halliburton, Baker Hughes and Schlumberger — did not score well on a business list compiled by the Yale School of Management. The list categorizes some 500 companies according to whether companies halted or continued operations in Russia, giving them school-style letter grades.
Notably, Bridgestone's decision received an "A" and Dunkin' a "B" on Yale's list.
A second batch of targeted companies
Many companies that received "Fs" on Yale's list appeared on a second Anonymous Twitter post published March 24. This post targeted a new — and seemingly updated — list of companies, which included Emirates airline, the French gardening retailer Leroy Merlin and the essential oil company Young Living.
Several companies caught in Anonymous' crosshairs soon announced they were cutting ties with Russia, including the Canadian oilfield service company Calfrac Well Services and the sanitary product maker Geberit Group — the latter including hashtags for Anonymous and Yale in its Twitter announcement.
The French sporting goods company Decathlon this week announced it too was shutting stores in Russia. But Anonymous had already claimed credit for shuttering its Russian website, along with sites for Leroy Merlin and the French supermarket company Auchan.
Jeremiah Fowler, co-founder of the cybersecurity company Security Discovery, said his research determined that Anonymous also successfully hacked a database belonging to Leroy Merlin.
"I'm absolutely sure [Anonymous] found it," he said, saying that the collective left messages and references inside the data.
Anonymous also claimed last week that it hacked a database of another targeted company, the Swiss food and beverage corporation Nestle. However, Nestle told CNBC that these claims had "no foundation." The design and tech website Gizmodo reported that Nestle said it accidentally leaked its own information in February.
Nestle has since announced it is reducing its operations in Russia, but the measures were rejected as insufficient by at least one online Anonymous account.
Other forces at play
Whether threats by Anonymous influenced any corporate decisions to cease operations in Russia is unclear.
Indeed, other forces were also at play, including online calls to boycott some of the targeted corporations in recent weeks.
After being targeted by Anonymous, the French car manufacturer Renault announced it was suspending activities in a Moscow manufacturing plant. However, Ukrainian President Volodymyr Zelenskyy publicly singled out Renault, as well as Nestle, during televised addresses to European governments and citizens.
A company spokesperson for Renault told CNBC its decision had nothing to do with Anonymous.
Other companies have made moral cases for continuing to operate in Russia. Auchan, in a press release issued this week, said Russians have "no personal responsibility in the outbreak of this war. Abandoning our employees, their families and our customers is not the choice we have made."
Another complication: Franchises
Franchise and other contractual agreements can also complicate a quick exit from the Russian marketplace, said international franchise lawyer Scott Antel, who lived and worked in Russia for more than 20 years.
That's the position that some targeted companies — such as Burger King, Subway and Reebok's owner Authentic Brands Group — said they are in.
Force majeure clauses — which allow parties to terminate a contract for circumstances such as natural disasters or acts of terrorism — don't apply here, said Antel. Neither do clauses covering sanctions, which when present, typically apply only if parties to the contract are sanctioned, not the country where they are located, he said.
Antel said franchisors likely have no legal right to shut down franchises in Russia. But he said he expects franchisors will do so anyway for a variety of reasons: moral decisions, to mitigate reputational damage and to avoid the cost of complying with sanctions, especially since Russia "is not a big percentage of sales" for most of these companies.
"Concerns over hackers and data protection … could be a good reason" too, he said.
He suspects franchisors will negotiate agreements to "share the pain," either by agreeing to temporarily stop operations, or through settlement fees to terminate the relationship, he said.
He said he's negotiated one contract — out of hundreds — where a hotel owner in Russia wanted the contractual right to walk away if an international incident made it detrimental to his broader business interests.
"God, we had to fight for it," said Antel.
However, he said he now expects contractual exit options to be much more common in the future.