Cyber Incident Victim: Port and Railway Projects Service of JSC UMMC

On or around May 14, 2022, the Port and Railway Projects Service of JSC UMMC, a Russian entity operating the country’s two largest coal shipment ports, was breached by the hacktivist collective Anonymous as part of their ongoing #OpRussia campaign. This operation targeted Russian organizations following the invasion of Ukraine. Anonymous exfiltrated approximately 77,500 emails from the company’s systems, compiling them into a 106 GB data archive. The collective publicly leaked this dataset through the transparency group Distributed Denial of Secrets (DDoSecrets), a platform frequently used by hacktivists to disseminate stolen information. The breach occurred alongside attacks on other Russian entities that week, including the Achinsk City Government and the Polar Branch of the Russian Federal Research Institute of Fisheries and Oceanography, though the specific intrusion method used against JSC UMMC was not detailed in available reports.

The compromised data exposed internal communications of an organization critical to Russia’s coal export infrastructure, which collaborates with JSC Russian Railways to transport coal from mining sites to its ports. These facilities ship coal to over 30 countries across Europe, Asia, and the Americas, including NATO members like Germany, the UK, and Norway. While the immediate operational disruption to port activities remains unconfirmed, the leak risked revealing sensitive commercial agreements, shipment schedules, and partner engagements with entities such as Gazprom, Rosneft, and Lukoil. No statements from JSC UMMC acknowledging the breach or detailing containment measures were reported. The incident formed part of a broader Anonymous campaign that week, which collectively released over 700 GB of stolen emails from multiple Russian organizations, amplifying scrutiny of their operations amid international sanctions related to the Ukraine conflict.