Cyber Incident Victim: Convex
Date: Jan 2023
Location: Russia
Summary
A cyberattack attributed to Anonymous resulted in the leak of 128 gigabytes of data stolen from Russian internet service provider Convex, exposing extensive warrantless surveillance activities conducted by the Federal Security Service (FSB). The compromised documents revealed a covert initiative named 'Green Atom,' involving the installation of surveillance equipment to monitor all internet traffic passing through the company's infrastructure, facilitating mass data collection on citizens and organizations without legal authorization. The operation, coordinated with the FSB, allegedly violated Russian laws prohibiting unauthorized wiretapping and espionage. Stolen data, disseminated via DDoSecrets, included internal communications confirming the surveillance partnership and placed affected Russian entities at heightened risk of further cyber intrusions.
Description
On or around January 24, 2023, the hacktivist collective Anonymous, through an affiliate group called Caxxii, exfiltrated and subsequently leaked 128 gigabytes of data from Russian Internet Service Provider Convex. The data was published via the leak site DDoSecrets and contained internal documents exposing Convex's involvement in a clandestine surveillance initiative codenamed 'Green Atom' (also referenced as TS ORM fsb). According to the leaked correspondence and project documentation, Green Atom involved the installation of surveillance equipment across Convex's network infrastructure to monitor all internet traffic transiting through its systems in Russia's largest regions. This equipment allegedly mirrored data from every network switch under Convex's control, enabling comprehensive interception of communications without warrants. The documents revealed explicit coordination between Convex employees and Russia's Federal Security Service (FSB), with intercepted data being transmitted to Moscow for analysis by intelligence agencies.

The surveillance activities violated Russian laws prohibiting warrantless monitoring of civilians and constituted unauthorized wiretapping and espionage. Leaked records indicated the FSB leveraged Convex's infrastructure to conduct dragnet surveillance, contradicting public statements by Russian authorities about lawful intercept practices. The Green Atom project aligned with Russia's SORM (System for Operative Investigative Activities) framework, which mandates ISP compliance with FSB surveillance requirements, but exceeded legal boundaries by operating without judicial oversight. The data breach exposed technical details of the surveillance architecture and compromised sensitive information belonging to Russian organizations and citizens whose traffic was monitored. This placed affected entities at heightened risk of secondary cyberattacks due to the public availability of internal network data. DDoSecrets emphasized the leak confirmed systemic abuse of legal surveillance structures, highlighting the scale of data collection and its transmission to security services. No containment measures or responses from Convex or Russian authorities were documented in the source material following the disclosure.
