Cyber Incident Victim: LLC Capital

Date: May 2022

Location: Russia

Summary

A pro-Ukraine hacktivist group launched disruptive cyberattacks against a critical Russian alcohol distribution system, causing widespread operational failures. The attacks involved distributed denial-of-service (DDoS) campaigns that prevented factories from accepting shipments and halted product distribution to retailers, forcing production slowdowns. Concurrently, allied threat actors exploited misconfigured Docker installations to hijack computational resources for additional DDoS strikes against government, military, and media targets, including Lithuanian outlets. The incident disrupted supply chains and leveraged compromised infrastructure to amplify attack scale against multiple sectors aligned with Russian interests.

Description

On May 2-3, 2022, pro-Ukraine hacktivist groups including Anonymous and the Ukraine IT Army executed distributed denial-of-service (DDoS) attacks against Russia's Unified State Automated Alcohol Accounting Information System (EGAIS), a critical infrastructure platform governing alcohol distribution nationwide. The attacks coincided with broader cyber operations against Russian entities amid the ongoing conflict, with operational guidance disseminated through the IT Army of Ukraine's communication channels. Technical disruptions to the EGAIS portal persisted through May 4, preventing alcohol manufacturers from processing incoming shipments and blocking distributors from accessing delivered products. This systemic failure forced multiple factories to suspend warehouse shipments entirely and reduce production rates, creating supply chain bottlenecks across the alcohol distribution ecosystem. Attackers leveraged Docker container images to orchestrate these assaults, exploiting misconfigured Docker installations with exposed APIs to hijack computational resources for attack amplification.

The same threat actors simultaneously targeted twelve additional Russian websites belonging to government, military, and media organizations, extending their campaign to three Lithuanian media outlets. Anonymous-affiliated subgroup @squad3o3 supplemented these disruptions with information operations, claiming dissemination of over 100 million messages to Russian citizens countering official narratives about the Ukraine invasion. Stolen data from compromised Russian entities was publicly released through the DDoSecrets transparency collective. The EGAIS incident represented a strategic infrastructure target due to its centralized role in regulating alcohol logistics, with sustained outages demonstrating tangible economic impact through halted production cycles and distribution paralysis. No remediation efforts or defensive responses from affected organizations were documented in available reporting.
