Cyber Incident Victim: Aerogas

Date: Feb 2022

Location: Russia

Summary

Aerogas, a Russian engineering company serving the oil and gas sector, experienced a large-scale email leak compromising approximately 100,000 messages totaling 145 GB. The breach was part of a broader hacktivist campaign targeting Russian entities following the invasion of Ukraine, in which the Anonymous collective and affiliated groups exfiltrated over 400 GB of emails from multiple firms and released them through Distributed Denial of Secrets (DDoSecrets). This incident aligned with widespread cyber operations against Russian state-owned enterprises and critical infrastructure operators, including energy and nuclear agencies, amid international condemnation of the conflict and alleged human rights violations during military operations.

Description

The Aerogas data breach occurred as part of a broader wave of cyberattacks against Russian entities following Russia's invasion of Ukraine on February 24, 2022. Between late February and early April 2022, the hacktivist collective Anonymous infiltrated the email systems of Aerogas, a Russian engineering firm specializing in oil and gas sector services, along with two other companies—Petrovsky Fort (a commercial real estate operator) and Forest (a logging company). On April 8, 2022, the transparency group Distributed Denial of Secrets (DDoSecrets) publicly disclosed the stolen data, which included 100,000 corporate emails from Aerogas totaling 145 GB. The combined leak across all three companies amounted to 437,500 emails (424.7 GB), with Petrovsky Fort contributing 300,000 emails (244 GB) and Forest providing 37,500 emails (35.7 GB). This incident represented one of multiple coordinated data exfiltration operations targeting Russian businesses in retaliation for the Ukraine invasion, characterized as "smash and grab" attacks by cybersecurity observers.

The Aerogas breach formed part of an escalating campaign by hacktivist networks including Anonymous, Ukraine's IT Army, and Hacker Forces against Russian critical infrastructure and state-aligned corporations. The leaked emails exposed internal communications and operational details of a company directly supporting Russia's energy industry, though specific compromised systems or detection methods weren't disclosed. Concurrently, DDoSecrets published over 2 million emails from Russian entities between February and April 2022, including 800 GB from state media outlet VGTRK and 5,500 emails from investment firm Thozis Corp. Other high-profile victims included nuclear agency Rosatom, space agency Roscosmos, and energy giant Gazprom. These cyber operations coincided with international condemnation of Russia's military actions, which had displaced over 10 million Ukrainians by April 2022 and led to documented human rights violations. The incident demonstrated hacktivists' strategic focus on undermining entities perceived as sustaining Russia's economy and war efforts during the initial phase of the conflict.
