Date: Feb 2022

Location: Russia

Summary

The Russian Defense Ministry experienced a significant data breach when the hacktivist group Anonymous infiltrated and publicly released a database containing officials' contact information and passwords, escalating cyber hostilities amid the Ukraine conflict. The leak prompted widespread calls for cyberattacks against Russian targets, including spam and malware campaigns, while various groups developed accessible tools enabling distributed denial-of-service attacks against Russian infrastructure. Concurrently, Ukraine's cyber defense unit reported credential-stealing operations targeting military email accounts, and the pro-Kremlin Conti ransomware group threatened retaliatory strikes on critical infrastructure of nations opposing Russia's actions, highlighting a rapidly intensifying cyber conflict involving both state-aligned and independent actors.

Description

On February 24, 2022, coinciding with Russia’s military advance toward Kyiv, the hacktivist collective Anonymous publicly declared a cyberwar against the Russian government. The following day, February 25, Anonymous claimed to have successfully breached a database belonging to the Russian Ministry of Defence. The group leaked the database publicly, making it accessible to anyone online. According to their statements, the compromised data included Russian officials’ phone numbers, email addresses, and passwords. Anonymous used social media to encourage global hackers to target Russian entities, tweeting directives such as “let them know we do not forgive, we do not forget” and explicitly framing their actions as retaliation against the invasion of Ukraine. The leak spurred widespread calls within online communities for coordinated spam and malware campaigns against Russian targets, amplifying the immediate disruptive impact of the breach.

The incident occurred amid broader cyber mobilization by both pro-Ukrainian and pro-Russian actors. Cybersecurity firms disBalancer and Hacken released applications enabling volunteers to conduct cyberattacks against Russian websites, while another anonymous group developed a web-based tool for crowdsourced distributed denial-of-service (DDoS) attacks against Russian infrastructure. Concurrently, Ukraine’s Computer Emergency Response Team (CERT) reported that hackers were using phishing emails to compromise Ukrainian soldiers’ accounts, then leveraging stolen address books to propagate further malicious messages. On the Russian side, the Conti cybercrime group publicly pledged “full support” for the Kremlin, threatening retaliatory attacks against critical infrastructure belonging to any nation opposing Russia’s invasion. Cybersecurity analysts observed that some Russian professionals were conducting “patriotic” offensive cyber operations during this period, blurring lines between state-aligned and independent hacker activities. The breach of the Russian Defence Ministry database exemplified the rapid escalation of asymmetric cyber tactics accompanying conventional warfare, though specific technical details about the breach methodology or the ministry’s internal response remained undisclosed in available reporting.
