Cyber Incident Victim: Moscow Drilling and Mining Equipment Company
Date:
Mar 2022
Location:
Russia
Summary
The Moscow-based industrial equipment manufacturer was breached by the hacktivist group Anonymous, resulting in the theft and public leak of 110GB of data including 140,000 emails distributed via torrent. The incident, part of broader operations targeting Russian entities in response to the Ukraine invasion, aimed to expose sensitive industry information and oppose ongoing military actions, with additional data releases planned from other institutions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On March 29, 2023, the hacktivist collective Anonymous publicly claimed responsibility for breaching two Russian industrial firms—MashOil, a Moscow-based equipment manufacturer, and RostProekt, a construction company. The group exfiltrated and leaked a combined 112GB of data, with MashOil sustaining the majority of the impact at 110GB of stolen information. The compromised MashOil data included approximately 140,000 internal emails, which Anonymous affiliates made available for public download via torrent through the transparency group DDoSecrets. The breach was announced by the Anonymous-affiliated Twitter account @YourAnonNews, which has historically disseminated the collective’s operations. A separate affiliate, @DepaixPorteur, confirmed the RostProekt breach involving 2.4GB of email data. The attackers explicitly stated the leaks were part of ongoing protests against Russia’s invasion of Ukraine, aligning with Anonymous’s broader “Operation OpRussia” campaign targeting critical Russian infrastructure sectors.
The incident represented a significant exposure of corporate communications from MashOil, a firm engaged in industrial equipment manufacturing. No technical details regarding intrusion vectors, internal detection mechanisms, or containment efforts by the affected organizations were disclosed in public claims. The leaked data’s availability on DDoSecrets—a platform known for hosting datasets of public interest—amplified its accessibility to researchers, journalists, and other third parties. Anonymous framed the leaks as strategic disclosures aimed at undermining Russian economic interests, particularly within the oil and gas sector, and announced intentions to release an additional 1.22TB of data from unspecified Russian institutions. The operation continued a pattern of anonymized data releases targeting Russian entities since the 2022 invasion, including prior incidents involving the Central Bank and telecommunications regulator Roskomnadzor. No verified statements from MashOil or RostProekt addressing the breaches or detailing remediation steps were referenced in the source material.