Cyber Incident Victim: Russian Federal Service for Supervision of Communications, Information Technology and Mass Media
Date: Nov 2022
Location: Russia
Summary
Belarusian hacktivist group Cyber Partisans breached a Russian internet regulator agency, claiming theft of internal documents including employee passport data, medical records, emails, and surveillance project details related to monitoring journalists and online dissent. The targeted agency, part of Roskomnadzor, denied that sensitive data was exposed or that its systems were encrypted, and asserted that the incident was under control. The hackers countered by releasing evidence of accessed materials, including proof of employee surveillance using Belarusian software. Cyber Partisans announced plans to analyze the documents and share them with journalists, highlighting alleged systemic efforts to suppress anti-government voices. Prior leaks from the regulator had exposed Russia’s automated content monitoring systems aimed at stabilizing sociopolitical conditions.
Description
In November 2022, Belarusian hacktivist group Cyber Partisans claimed responsibility for a cyberattack against Russia’s internet regulator Roskomnadzor, specifically targeting its subsidiary agency, the General Radio Frequency Center (GRFC). The group announced the breach on November 18, asserting they had exfiltrated thousands of internal documents and encrypted GRFC’s computer systems. Cyber Partisans alleged the stolen data revealed Roskomnadzor’s efforts to establish "total control" over critics of the Putin regime over two decades, including surveillance operations targeting journalists, bloggers, and ordinary citizens. GRFC acknowledged the intrusion on November 19 but downplayed its severity, stating attackers failed to access sensitive information and denying systems were encrypted. The agency disclosed that initial intrusion attempts began in October via a previously unknown vulnerability, noting its infrastructure routinely faced up to 10 daily hacking attempts.

Cyber Partisans countered GRFC’s claims by releasing evidence of compromised data, including employee passport details, medical records, internal emails, and project reports detailing bot farms and internet monitoring systems. The group shared screenshots of documents from Roskomnadzor’s "KOV" system—an automated platform tracking anti-war content online—and lists of Ukraine-war-related posts from Telegram and VKontakte. They also alleged discovering evidence that Belarusian firm Falcongaze’s surveillance software monitored GRFC staff, declaring they had three months of employee activity logs. While Falcongaze did not respond to these claims, Cyber Partisans announced plans to analyze the documents and share them with journalists. The breach’s potential significance lies in Roskomnadzor’s documented role in Russia’s surveillance apparatus, with prior leaks exposing automated systems designed to flag content "capable of destabilizing Russia’s sociopolitical situation," as reported by Meduza and The New York Times using earlier Roskomnadzor data troves. GRFC maintained the attack was "under control" with no confidential data leaked, but the incident highlighted persistent vulnerabilities within state-linked cyber infrastructure.
