Cyber Incident Victim: Yandex Taxi

Date: Sep 2022

Location: Russia

Summary

Hackers compromised a major Russian ride-hailing service, manipulating its systems to dispatch numerous taxis simultaneously to a central Moscow avenue, creating a severe traffic obstruction. The attack, claimed by the Anonymous collective in coordination with Ukraine's IT Army, exploited bulk fake orders that overwhelmed drivers in a high-congestion area. The company swiftly blocked the intrusion and halted fraudulent requests, though the incident caused significant service disruption and urban gridlock. It acknowledged the need for compensation discussions and implemented enhanced algorithmic safeguards to detect similar future attacks.

Description

On September 1, 2022, hackers exploited Yandex Taxi, Russia’s largest ride-hailing service, to orchestrate a disruptive traffic jam in central Moscow. The attack, later claimed by the hacktivist group Anonymous in collaboration with Ukraine’s IT Army, used bulk fake orders placed through the app to direct dozens of available taxis to converge simultaneously on Kutuzovsky Prospekt, a major avenue. This targeted location in the Fili district was deliberately chosen to maximize congestion. Videos circulated on social media platforms like Twitter and Reddit showed long lines of taxis immobilized in the resulting gridlock. Yandex confirmed the incident involved "several dozen drivers" receiving coordinated orders, though the exact scale of affected vehicles remains unspecified. The company’s security team detected and blocked the attack swiftly, halting further fraudulent requests.

The incident caused significant disruption, with varying reports on the jam’s duration: Forbes Russia cited approximately 40 minutes of delays for drivers, while Yandex’s spokesperson stated it lasted "less than an hour." Anonymous, however, claimed the blockade persisted for over two hours. Regardless of the timeframe, the attack paralyzed one of Moscow’s busiest thoroughfares, exacerbating the city’s chronic traffic issues. Yandex acknowledged the operational impact and pledged to address compensation for affected drivers, though no specific restitution details were disclosed. The company also implemented immediate improvements to its algorithms to detect and prevent similar bulk-order attacks in the future. No data breach or system compromise beyond the fake orders was reported, and Yandex did not formally attribute the attack to any group despite Anonymous’ public claim of responsibility.
