Cyber Incident Victim: Rustam Kurmaev and Partners
Date: Feb 2022
Location: Russia
Summary
A Russian law firm representing major international corporations and state interests was compromised by hacktivists affiliated with Anonymous as part of Operation Russia, resulting in the theft and public leak of a 1TB data archive containing sensitive emails and client information. The breach, facilitated through the DDoSecrets platform by individuals using the aliases B00da and Porteur, exposed communications linked to prominent clients across banking, automotive, energy, and consumer goods sectors. This incident occurred within a broader campaign targeting entities perceived as supporting Russian activities in Ukraine, alongside disruptions to Belarusian government websites and other Russian organizations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 4 actors | Available to members | Available to members |
Description
In late February 2022, the hacktivist collective Anonymous initiated Operation Russia in response to Russia's invasion of Ukraine. As part of this sustained campaign, Rustam Kurmaev and Partners (RKP Law) became a target due to its work with Russian state interests and multinational corporations. Between February and June 2022, attackers identified as B00da and Porteur compromised RKP Law's systems and exfiltrated approximately 1 terabyte of sensitive data, including internal communications and client documents. The leaked archive revealed the law firm's representation of prominent international clients such as Ikea, Volkswagen Group Russia, Toyota Russia, Citibank, Abbott Laboratories, and Caterpillar, alongside Russian entities including Sberbank and state-aligned industrial firms. This breach exposed privileged attorney-client communications and business contracts spanning multiple sectors including banking, energy, manufacturing, and media.

The data was publicly disseminated through the Distributed Denial of Secrets (DDoSecrets) platform around June 2022, coinciding with parallel attacks against Vyberi Radio (823GB of emails) and Metprom Group (184GB of metallurgical project data). These breaches formed part of Anonymous' broader strategy to undermine Russian economic interests and institutions supporting the invasion. Concurrently, Anonymous launched disruptive DDoS attacks against Belarusian government websites to protest Belarus' logistical support for Russian military operations. The collective also claimed infiltration of the pro-Russian hacker group Killnet's email accounts during this operational phase. The RKP Law compromise specifically damaged the firm's reputation for handling sensitive cross-border transactions and highlighted vulnerabilities in its digital infrastructure, though the firm's direct response measures weren't documented in available sources. Operation Russia demonstrated persistent targeting of entities perceived as enabling Russian state objectives through both data exposure and service disruption tactics.
