Cyber Incident Victim: Governor's Office of the Tver Region
Date:
Apr 2022
Location:
Russia
Summary
Hackers affiliated with the Anonymous collective breached three Russian government entities, including the Tver regional government, resulting in the leak of over 700 GB of data comprising approximately 590,000 emails. The incident exposed internal communications from the Ministry of Culture, Blagoveshchensk city administration, and the governor's office, with the latter losing 116 GB of emails. This cyberattack formed part of a broader wave of hacktivist operations targeting Russian state and commercial organizations in response to the invasion of Ukraine, which simultaneously involved other groups like Ukraine's IT Army. The compromised data potentially included sensitive information related to cultural policy, regional governance, and administrative operations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On April 14, 2022, the hacktivist collective Anonymous, in coordination with Distributed Denial of Secrets (DDoSecrets), publicly disclosed a data breach involving three Russian government entities: the Ministry of Culture of the Russian Federation, the City Administration of Blagoveshchensk, and the Governor’s Office of the Tver region. The attack resulted in the exfiltration and publication of over 700 GB of email data, with the Tver Governor’s Office contributing 116 GB comprising approximately 130,000 emails. This incident formed part of a broader wave of cyber operations targeting Russian state institutions and businesses following the February 24, 2022 invasion of Ukraine. The breach exposed operational communications from the Tver regional government, led by Governor Igor Rudenya, a member of the United Russia party affiliated with President Vladimir Putin. While the specific methods of intrusion were not detailed in available reports, the attackers successfully accessed and extracted email archives from the targeted entities. The leak represented one of several high-volume data dumps attributed to Anonymous and aligned groups during this period, including a separate release of 437,500 emails from Russian companies Petrovsky Fort, Aerogas, and Forest.
The incident occurred amid coordinated efforts by multiple hacktivist collectives—including Ukraine’s IT Army and Hacker Forces—to disrupt Russian government and commercial operations in retaliation for the invasion. The broader campaign was characterized by rapid, large-scale data theft and publication rather than prolonged network persistence or destructive attacks. Impacts included potential exposure of sensitive government communications, though the specific content of the Tver region’s emails was not disclosed in reporting. No statements from the affected Russian entities regarding containment measures, forensic investigations, or remediation efforts were documented in available sources. The breach coincided with international condemnation of Russia’s military actions, including its suspension from the UN Human Rights Council following reports of human rights violations in occupied Ukrainian territories. The data leak aligned temporally with a refugee crisis displacing over 10 million Ukrainians, contextualizing the hacktivist operations as part of a non-state response to the humanitarian emergency triggered by the invasion.