Cyber Incident Victim: Russian military stationed in Bucha
Date:
Mar 2022
Location:
Ukraine
Summary
Anonymous leaked personal information of Russian military personnel from the 64 Motor Rifle Brigade, implicated in civilian atrocities in Bucha, exposing names, ranks, and passport details. The collective concurrently breached a major Russian state broadcaster, exfiltrating 900,000 emails and thousands of files, revealing Kremlin-directed propaganda efforts that manipulated news coverage to align with government narratives targeting Ukraine. Former employees corroborated systemic editorial control, including blacklisting dissenting voices and scripting incendiary content under state directives.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
In early April 2022, the hacktivist collective Anonymous publicly leaked sensitive personal information belonging to members of the Russian 64 Motor Rifle Brigade, a military unit implicated in the occupation of Bucha, Ukraine, prior to March 31, 2022. The leaked data included names, ranks, and passport details of personnel allegedly involved in atrocities against civilians during the occupation, which witnesses and international observers described as a massacre involving the rape and execution of women and children. This breach represented a direct response to the alleged war crimes committed in Bucha, with Anonymous framing the leak as an act of accountability against the implicated military unit. The timing of the disclosure aligned with mounting international condemnation of Russian forces’ conduct in Bucha following the unit’s withdrawal from the area.
Concurrently, Anonymous-affiliated subgroup NB65 executed a separate cyber operation targeting Russia’s state-controlled media infrastructure. The group compromised the All-Russia State Television and Radio Broadcasting Company (VGTRK), exfiltrating approximately 900,000 emails and 4,000 internal documents spanning two decades of operations. VGTRK, designated by the Russian government as essential to national security, operates five national TV channels, two international networks, and over 80 regional broadcast outlets, including propaganda entities like Sputnik and RIA Novosti. The leaked correspondence reportedly revealed editorial interference from Kremlin officials, including mandated narrative frameworks for covering the Ukraine invasion and blacklists of non-compliant experts. Former VGTRK employees corroborated these practices, describing systemic manipulation of news content to align with state directives and internal cynicism regarding the dissemination of disinformation. The breach exposed both the technical vulnerabilities of critical Russian media infrastructure and the operational mechanisms underlying state-sponsored propaganda efforts during the conflict.