Cyber Incident Victim: Luxor
Date: Jul 2022
Location: Russia
Summary
A DDoS attack targeted Russian cinema chains including Luxor, disrupting online ticket sales as part of Ukraine's IT Army hacktivist campaign to reduce Russian state revenue funding the war. These attacks exemplify a regional surge in DDoS operations primarily targeting commercial sectors like banking, media, and civilian services, causing economic disruption but minimal battlefield impact. The simplicity of executing such attacks—enabled by accessible tools like Liberator and DB1000N—fueled participation, providing psychological satisfaction to Ukrainian volunteers despite coordination challenges and diminishing long-term effectiveness. Both nations subsequently enhanced cyber defenses amid reciprocal attacks, with Ukraine enduring thousands of DDoS incidents against government and media platforms.
Description
On July 11, 2022, Ukraine’s IT Army hacktivist group claimed responsibility for distributed denial-of-service (DDoS) attacks targeting Russia’s major cinema chains, including Luxor, Kinomax, Mori Cinema, and Almaz. The coordinated attacks occurred over several hours during the preceding weekend, disrupting online ticket sales for at least 80 Russian cinemas. The IT Army publicly announced the operation via Telegram, stating its objective was to reduce Russian state budget revenues financing the war in Ukraine by limiting online ticket purchases. These attacks formed part of a broader escalation in DDoS activity across the region, with Kaspersky reporting a 46% increase in such attacks between January and March 2022 compared to pre-war levels. While attack frequency moderated between April and June 2022, volumes remained elevated above the previous year’s baseline.

The Luxor cinema disruption exemplified evolving DDoS tactics, with attacks growing more sustained and sophisticated. Kaspersky’s Alexander Gutnikov noted attacks now commonly lasted days or weeks rather than hours, indicating improved attacker persistence. Ukrainian cybersecurity executives observed that DDoS operations provided psychological utility for participants, exemplified by tools like Hacken’s Liberator app, which enabled over 100,000 users with minimal technical skill to launch attacks. The IT Army claimed approximately 5,500 Russian website disruptions since the war’s onset, focusing primarily on banking, financial services, and media through mid-2022, though civilian services like food delivery and universities were also impacted. Russian entities responded by enhancing cyber defenses, while Ukraine faced over 14,000 retaliatory DDoS attacks targeting government sites and broadcast media during the same period. Ukrainian security official Victor Zhora confirmed no formal coordination existed for volunteer hacktivist activities, leading to operational overlaps that sometimes neutralized attack effectiveness. Despite the economic disruption the campaigns caused, analysts like Cyber Unit Technologies’ Yegor Aushev assessed them as tactically inconsequential to military outcomes.
