Date: Apr 2022

Location: Russia

Summary

A Russian defense-linked construction entity, the General Department of Troops and Civil Construction, was compromised by the Anonymous collective and associated hacktivists as part of a broader offensive against Russian organizations. The attackers exfiltrated 15,600 emails and released a 9.5 GB data archive, impacting operations tied to the Ministry of Defense. This incident occurred alongside breaches of multiple other Russian firms, including financial, surveillance, and energy sector entities. The scale of data theft and leaks varied, ranging from 9.5 GB to 222 GB, and the breaches collectively demonstrate a coordinated effort to disrupt critical infrastructure and expose sensitive information.

Description

On or around April 19-20, 2022, the Anonymous hacktivist collective and affiliated groups breached the systems of the General Department of Troops and Civil Construction (GUOV i GS), a Russian construction firm wholly owned by the Ministry of Defense. The attackers exfiltrated 15,600 internal emails and leaked a 9.5 GB archive of stolen data. GUOV i GS operates under a dual ownership structure, with 49% held by JSC Garnizon (formerly Oboronservis) and 51% by JSC GUOV, both entities controlled by the Russian Ministry of Defense. The organization specializes in construction projects supporting military infrastructure and troop deployment logistics. Anonymous publicly claimed responsibility for the breach as part of a coordinated campaign targeting Russian entities following the invasion of Ukraine. The leaked data likely contained sensitive communications and operational documents related to defense construction projects, though specific content details were not disclosed in available sources. No immediate operational disruptions or official responses from GUOV i GS were reported following the breach.

This incident occurred amid a broader offensive by Anonymous-linked groups against Russian critical infrastructure and government-linked entities. During the same three-day period, Anonymous and affiliates compromised Tendertech (426,000 emails, 160 GB leaked), Synesis surveillance systems (sanctioned by the US), Neocom Geoservice (87,500 emails, 107 GB), Gazregion pipelines (222 GB), Metrospetstekhnika (metro systems), and JSC Bank PSCB. The GUOV i GS breach specifically targeted an organization integral to military construction capabilities, potentially exposing strategic infrastructure details. The data dump’s relatively smaller size (9.5 GB compared to other breaches) suggests focused exfiltration of communications rather than comprehensive network access. No remediation efforts or forensic findings from GUOV i GS were documented in available reporting. The breach underscored vulnerabilities in defense-affiliated contractors and amplified operational risks for Russian military logistics during active conflict.
