Cyber Incident Victim: Russian Federation
Date:
Aug 2014
Location:
Russia
Summary
The Twitter account of the Russian Prime Minister was compromised by hackers who posted fabricated messages, including a false resignation announcement and a politically charged statement disputing Russia's claim to Crimea. The hacker group Shaltai Boltai claimed responsibility, asserting they accessed the official’s email and shared images allegedly taken from his personal iPhone. Government representatives confirmed the breach, publicly disavowing the unauthorized tweets as entirely false.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On August 14, 2014, the Twitter account of Russian Prime Minister Dmitry Medvedev was compromised by unauthorized actors for approximately 30 minutes. The hackers, identifying themselves as the Shaltai Boltai group, posted multiple fraudulent tweets containing politically sensitive messages. The first fabricated announcement stated, "I am resigning. I am ashamed of the actions of the government. Forgive me," while another controversial tweet asserted "#Crimea is not ours, please retweet"—a direct challenge to Russia's annexation of Crimea earlier that year. During the breach, the attackers also disseminated images purportedly extracted from Medvedev's iPhone, including photographs depicting a government meeting. These images were shared alongside Russian-language tweets from Shaltai Boltai's account claiming the materials originated from the compromised device. The unauthorized tweets were subsequently deleted from Medvedev's account, though screenshots circulated on social media platforms through third-party users and media outlets like RT (Russia Today).
The incident generated immediate international media attention due to its political implications and the high-profile nature of the target. Russian government officials confirmed the security breach through an unnamed press spokesperson who informed Bloomberg that all resignation claims and statements about Medvedev pursuing freelance photography were fabricated. Shaltai Boltai, known for previous leaks involving Russian officials, publicly claimed responsibility for both the Twitter compromise and unauthorized access to Medvedev's email account according to BuzzFeed reports. The hack's primary operational impact was limited to the temporary control of a social media account, with no evidence suggesting broader system compromises beyond the claimed email access. However, the dissemination of politically charged messages during a period of heightened tensions over Crimea amplified the incident's symbolic significance, exposing vulnerabilities in the digital communications channels of senior Russian leadership. The government's acknowledgment of the breach constituted its sole documented response measure.