Menu
Browse

Cyber Threat Actor: Russian Cyber Command

Aliases: 2 aliases
Actor Type Location Known Incidents
 Icon
Activist
Russia
3 incidents
Profile

Russian Cyber Command, also known as Rucyborg, is a hacktivist group based in Russia that has positioned itself in opposition to the Russian government and its affiliated entities. The actors describe their actions as efforts to expose what they perceive as corrupt practices within state‑linked organizations and to voice anti‑Putin sentiments. Their public statements emphasize a desire to reveal shadow banking activities, defense procurement details and other sensitive information rather than to pursue financial gain.

The group’s targeting has focused on Russian organizations with clear government connections, including defense exporters such as Rosoboronexport, IT security firms with alleged FSB ties like SearchInform, and semi‑governmental investment bodies such as the Russian Industrial Investment Fund. They have also struck at foreign diplomatic missions located in Russia, exemplified by the compromise of the Indian Embassy in Moscow through a spear‑phishing email sent to the CEO of Rosoboronexport. Their observed tactics involve delivering malicious attachments via email to gain initial access, exfiltrating large volumes of documents, spreadsheets, multimedia files and identification data, and publishing the stolen material on file‑hosting services accompanied by preview images on platforms like Imgur. While distributed denial‑of‑service attacks against Russian government websites have been reported during the same timeframe, no direct technical link to Rucyborg has been established in those incidents.

Notable operations attributed to Rucyborg include the December 2013 breach of the Indian Embassy in Moscow that yielded over 500 MB of military procurement documents, passport details and flight cost records, and the March 2014 leak of more than 900 MB of data from the personal computer of the Russian Industrial Investment Fund’s president, which contained business records, spreadsheets and a copy of his identification card. Earlier intrusions referenced by the group involve data theft from SearchInform and multiple defense‑related companies such as Sukhoi, Oboronprom, Gazflot, Rusal and Veles Capital. Publicly available sources do not demonstrate a formal state sponsorship or criminal consortium affiliation; instead, the actors claim solidarity with hacktivist collectives like Anonymous and LulzSec and describe themselves as independent computer renegades acting against the Russian regime.

Incidents
Attributed incidents available to members
3 incidents
Sources
Sources available to members
2 sources