Cyber Incident Victim: Ministry of Economic Development of the Russian Federation
Date: Mar 2022
Location: Russia
Summary
A cyberattack attributed to the Anonymous collective and allied hackers breached the Russian Ministry of Economic Development's website, leaking databases containing subdomains and back-end server IPs. The incident occurred as part of a broader campaign targeting Russian government entities, state media, and critical infrastructure in response to the invasion of Ukraine. Attackers also compromised internal documents allegedly outlining military invasion plans, strategic files from the Russian Navy, and surveillance camera feeds to monitor Ukrainian movements. While the authenticity of some leaked military documents remained unverified, the operation included extensive data exfiltration from multiple Russian organizations and disruption of online services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
In early March 2022, the Anonymous collective executed a coordinated cyber campaign (#OpRussia) targeting Russian and Belarusian entities following Russia's invasion of Ukraine. On March 4 and 5, 2022, Anonymous announced the compromise of over 2,500 websites belonging to Russian and Belarusian governments, state-controlled media outlets, private corporations, financial institutions, healthcare facilities, and transportation hubs. Specific government targets included the Russian Government web portal (gov.ru), where attackers exfiltrated subdomain configurations and backend server IP addresses, and the Ministry of Economic Development of Russia's official website. Concurrently, affiliated groups like ATW breached Gazprom's infrastructure, leaking proprietary data including source code and WellPro project documentation. The operation expanded to include cybercriminal organizations supporting Moscow, with pro-Ukraine actors publishing internal Conti ransomware group communications and malware source code.

The campaign produced multiple strategic disclosures with geopolitical implications. Anonymous released military documents purportedly stolen from Russian forces, including invasion plans dated January 18, 2022, outlining a scheduled occupation of Ukraine by March 6. These contained geographical maps and operational files attributed to Russia's Black Sea Fleet, though independent verification remained pending. Tactical cyber operations included hijacking IP surveillance cameras to monitor Ukrainian civilian movements. Data leaks targeted critical infrastructure sectors, exposing governmental network architectures and corporate intellectual property. The collective disseminated compromised materials through social media channels, framing the actions as retaliation against Russian aggression while providing operational intelligence to Ukrainian defenders. No Russian institutional responses or containment measures were documented in the available reporting during this initial phase of the campaign.
