Cyber Incident Victim: CorpMSP

Date:

May 2022

Location:

Russia

Summary

A pro-Ukraine hacktivist collective launched distributed denial-of-service (DDoS) attacks against a critical Russian alcohol distribution system, causing operational disruptions that halted factory shipments, prevented customer deliveries, and forced production cuts. The attackers exploited misconfigured Docker installations via exposed APIs to hijack computational resources, amplifying their DDoS campaigns against government, military, and media targets, including Lithuanian media outlets. The incident disrupted supply chain operations by rendering the alcohol accounting portal inaccessible, preventing the processing of finished product distributions and tanker acceptances.

CIA Posture: Available to members
Motives: 1 motive
Tactics, Techniques & Procedures: 1 technique

Threat Actors: 2 actors
Type: Available to members
Location: Available to members

Description

On May 2 and 3, 2022, the Ukraine IT Army conducted distributed denial-of-service (DDoS) attacks against Russia’s Unified State Automated Alcohol Accounting Information System (EGAIS) portal, a critical infrastructure component for alcohol distribution nationwide. The attacks followed a call to action circulated within the hacktivist community, with system failures becoming publicly evident by May 4. These disruptions prevented alcohol factories from accepting tanker deliveries and blocked distributors and retail stores from accessing finished products already in transit. Multiple factories suspended shipments to warehouses entirely and subsequently reduced production rates due to the operational paralysis. Concurrently, Anonymous collective affiliates leaked stolen Russian organizational data through the DDoSecrets platform while conducting information operations, including sending over 100 million messages to Russian citizens to counter state propaganda about the Ukraine invasion.

CrowdStrike researchers attributed these attacks to pro-Ukraine actors, likely aligned with the Ukraine IT Army, who weaponized misconfigured Docker installations via exposed APIs to hijack computational resources for DDoS campaigns. The threat actors deployed malicious Docker images to bombard targets, including Russian government, military, and media websites, as well as three Lithuanian media platforms. The EGAIS incident represented one component of a broader offensive, with Anonymous and affiliated groups like @squad3o3 coordinating cyber operations against Russian entities throughout early May 2022. No mitigation efforts or containment actions by the affected Russian organizations were documented in available reporting. The alcohol distribution breakdown persisted during the attack window, demonstrating tangible supply chain consequences from the sustained network disruption.
