Cyber Incident Victim: Thozis Corporation

Date: Mar 2022

Location: Russia

Summary

The Russian investment firm Thozis Corp. experienced a cyberattack by the Anonymous collective, resulting in the theft and public release of 5,500 internal emails containing sensitive information on deals and investments, including details related to a major government-supported development project. While Anonymous claimed responsibility for this breach and shared the data via DDoSecrets, they denied involvement in a separate incident impacting the Russian aviation authority, which suffered extensive data loss amid speculation of hacktivist activity.

Description

On or around March 30, 2022, the hacktivist collective Anonymous breached the systems of Thozis Corp., a Russian investment firm owned by oligarch Zakhar Smushkin, who ranked 2,674 on Forbes’ billionaire list. The attackers exfiltrated approximately 5,500 internal corporate emails containing sensitive information about the firm’s business deals and investment strategies. Anonymous subsequently provided the stolen data to the transparency platform Distributed Denial of Secrets (DDoSecrets), which published the emails online. The leaked correspondence included details about Thozis Corp.’s involvement in the Yuzhny satellite city development project in Saint Petersburg, one of Russia’s largest construction initiatives. This project had been designated a priority investment under the Russian government’s 2020 Strategy and received state financial support. The breach occurred amid Anonymous’ broader campaign targeting Russian organizations and foreign companies continuing operations in Russia and Belarus following the invasion of Ukraine, with recent pressure causing companies like Calfrac Well Services and Decathlon to reduce their Russian activities.

The data exposure revealed proprietary information about Thozis Corp.’s investment mechanisms and government-backed development projects, potentially compromising business operations and strategic partnerships. While Anonymous publicly claimed responsibility for this breach, they separately denied involvement in a contemporaneous attack on Russia’s Civil Aviation Authority (Rosaviatsia), where 65 terabytes of data were erased. Russian authorities attributed the Rosaviatsia disruption to technical failures in electronic document systems and internet access issues, though media outlets speculated about Anonymous’ potential involvement. No statement from Thozis Corp. regarding remediation efforts or operational impacts was reported, and the firm did not confirm whether the email leak resulted from cybersecurity failures or intentional insider cooperation. The incident exemplified hacktivist exploitation of geopolitical tensions to disrupt entities perceived as supporting Russian state interests, while also highlighting risks of false flag operations by unrelated threat actors capitalizing on Anonymous’ notoriety.
