Cyber Incident Victim: EGAIS

On or around May 4, 2022, Ukraine’s IT Army launched distributed denial-of-service (DDoS) attacks against Russia’s Unified State Automated Information System (EGAIS), a government-mandated portal critical for regulating the distribution of alcoholic beverages. The attacks overwhelmed EGAIS servers with excessive traffic, rendering the system inaccessible to vodka producers, distributors, and retailers. Russian media reported widespread operational disruptions, with factories unable to accept alcohol shipments and distributors blocked from delivering finished products to stores. By May 5, 2022, multiple alcohol producers halted outgoing shipments entirely due to storage capacity limits caused by undelivered inventory, forcing production slowdowns. Retail outlets faced potential shortages as the supply chain bottleneck intensified. The disruption persisted for several days, directly impacting Russia’s domestic alcohol distribution network.

The incident marked a continuation of Ukraine’s IT Army operations, a volunteer cyber collective publicly endorsed by the Ukrainian government in February 2022 to target Russian critical infrastructure. The group’s tactics focused on disrupting state-mandated systems essential for supply chain logistics, mirroring prior attacks such as the March 2022 compromise of VetIS, a veterinary management platform used by meat producer Miratorg. No technical details of the EGAIS attack vector or mitigation efforts by Russian authorities were disclosed in available reports. Consequences were confined to operational and economic impacts, with no evidence of data theft, physical damage, or ransomware deployment. The incident underscored the IT Army’s strategy of targeting sector-specific regulatory platforms to amplify systemic disruption.