Cyber Incident Victim: RostProekt

The RostProekt data breach occurred in March 2022 as part of a coordinated cyber campaign by the hacktivist collective Anonymous and its affiliates against Russian industrial entities. The attack specifically targeted RostProekt, a Russian construction firm, resulting in the theft and subsequent public leakage of 2.4GB of corporate email data. Anonymous-affiliated accounts, including @DepaixPorteur, publicly claimed responsibility for the intrusion, framing it as retaliation against Russia's military actions in Ukraine. The stolen data was made available for public download through Distributed Denial of Secrets (DDoSecrets), a transparency-focused leak platform that frequently collaborates with hacktivist groups. This incident coincided with a larger breach targeting MashOil, a Moscow-based industrial equipment manufacturer, from which 110GB of data containing 140,000 emails was exfiltrated and leaked through the same channels.

The combined 112GB data dump from both companies was distributed via torrent links to maximize accessibility. Anonymous framed these operations under "Operation OpRussia," an ongoing initiative to compromise Russian critical infrastructure entities, particularly in the oil, gas, and construction sectors. The RostProekt breach exposed internal communications that could reveal operational vulnerabilities, contractual relationships, and project details. While the article provides no specifics about RostProekt's internal detection mechanisms or containment response, the public disclosure method via social media and DDoSecrets suggests the company likely became aware of the breach through external announcements. Historical context indicates this formed part of Anonymous' broader targeting of Russian institutions throughout 2022-2023, including prior operations against the Central Bank and Roskomnadzor. The attackers announced intentions to release an additional 1.22TB of data from unspecified Russian organizations following these leaks.