Cyber Incident Victim: Space Research Institute of the Russian Academy of Sciences
Date: Mar 2022
Location: Russia
Summary
A hacktivist group associated with Anonymous breached and defaced a subdomain of the Russian Space Research Institute (IKI), targeting a section related to an upcoming space observatory project. The attackers leaked data purportedly from Russia's space agency, including lunar mission documents, spreadsheets, and handwritten forms, distributing it via a cloud-hosted ZIP file. While other subdomains remained operational, the defacement referenced geopolitical tensions surrounding international space cooperation. The institute develops scientific equipment for space experiments, and though the breach was confirmed by Anonymous-linked sources, the authenticity of the leaked materials remains unverified.
Description
On March 3, 2022, hacktivists operating under the Twitter handle 'v0g3lSec' breached and defaced a subdomain of the Russian Space Research Institute (IKI) website. The compromised section pertained to the World Space Observatory Ultraviolet (WSO-UV) project, an international astronomical initiative scheduled for launch in 2025. While other IKI subdomains remained operational, attackers replaced the WSO-UV project page content with anti-war messages referencing Russia's invasion of Ukraine and its decision to terminate space cooperation with NASA, which threatened the International Space Station's future operations. The hacktivist group Anonymous publicly claimed responsibility through its affiliated Twitter account @YourAnonNews, which additionally disseminated a cloud-hosted ZIP file purportedly containing stolen Roscosmos data. This archive allegedly included lunar mission documentation, handwritten forms, technical spreadsheets, and scientific PDFs related to space experiments, though independent verification of the data's authenticity remained pending at the time of reporting.

The incident disrupted public access to WSO-UV project information while leaving IKI's primary web infrastructure intact. No operational spacecraft systems or scientific instruments were confirmed compromised, as the breach targeted only web-facing assets. Anonymous leveraged the defacement to protest Russia's geopolitical actions, explicitly connecting the attack to Moscow's withdrawal from joint space exploration initiatives. Institute personnel did not publicly acknowledge the breach or provide restoration timelines for the affected subdomain. Cybersecurity analysts viewed the attack as part of a coordinated hacktivist campaign against Russian entities following the Ukraine invasion, with prior Anonymous operations disrupting state media broadcasts and electric vehicle infrastructure in Moscow during late February 2022. The data leak represented potential exposure of non-classified research materials, though the institute's core space equipment design functions showed no evidence of operational impact.
