Cyber Incident Victim: Worldwide Investment
Date: Apr 2022
Location: Russia
Summary
A cyber campaign attributed to Anonymous targeted multiple Russian entities, including an investment firm with connections to Estonia and Russian railways. The attackers leaked approximately 5.8 terabytes of data through DDoSecrets, exposing business communications across several organizations. The breach of the victim firm involved 130 gigabytes of emails totaling 250,000 messages; the other affected companies specialize in energy, real estate, and property management. The collective emphasized ongoing efforts to expose Russian government and corporate data as part of its declared operations against the nation.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The incident involving Worldwide Invest occurred within the broader context of Anonymous’ #OpRussia campaign, a sustained cyber offensive initiated in response to Russia’s invasion of Ukraine in early 2022. Between April 19 and April 22, 2022, the hacktivist collective announced the publication of approximately 5.8 terabytes of data from Russian entities through the transparency collective DDoSecrets. This campaign targeted multiple organizations across critical sectors, including energy, real estate, and finance. Worldwide Invest, identified as an investment firm with ties to Estonia and Russian railways, was among the entities compromised during this three-day operation. The collective exfiltrated and leaked a 130-gigabyte archive containing 250,000 emails from the firm. Other affected organizations included Enerpred, a major producer of hydraulic tools for energy and industrial sectors, which lost 432 gigabytes of email data; Accent Capital, a commercial real-estate investment firm, with 211 gigabytes of emails exposed; and Sawatzky, a property management company servicing multinational clients like Google and Microsoft, which suffered a 432-gigabyte email leak. Anonymous characterized these actions as retaliation against Russian economic interests and vowed to continue targeting government and business infrastructure.

The breach of Worldwide Invest resulted in the unauthorized disclosure of sensitive corporate communications, though the specific content or strategic value of the emails was not detailed in available reports. The firm’s affiliations with Russian railways—a state-controlled entity critical to national logistics—suggest potential exposure of operational or financial data relevant to Russian infrastructure. No technical details regarding the intrusion vector, such as phishing, malware, or exploited vulnerabilities, were disclosed. Similarly, there was no public information about Worldwide Invest’s detection methods, incident response actions, or containment measures following the leak. The primary confirmed impacts were data loss and reputational exposure due to the association with compromised Russian entities. Anonymous framed the leaks as part of a strategy to disrupt Russian economic stability, emphasizing the scale of data exfiltrated across multiple industries. The collective reiterated its intent to release additional datasets targeting Russian commercial and governmental organizations, including banks, though no subsequent leaks specific to Worldwide Invest were documented in the immediate aftermath of this incident.
