Cyber Incident Victim: Continent Express
Date:
Apr 2022
Location:
Russia
Summary
A Russian travel agency suffered a significant data breach when hacking group Network Battalion 65 (NB65) exfiltrated and leaked 399 GB of internal files and databases. The compromised data, subsequently published by transparency collective DDoSecrets, included sensitive organizational information. The cyberattack was part of a broader operation targeting Russian entities amid geopolitical tensions, with NB65 explicitly aligning its actions against Russian interests in the context of the Ukraine conflict. The leak represented both operational disruption and reputational damage to the victim organization, while also demonstrating hacktivist capabilities to access and disseminate large volumes of corporate data during heightened cyber warfare activities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On April 15, 2022, the hacking collective "Network Battalion 65" (NB65) executed a cyberattack against Continent Express, a Russian travel agency. The attack resulted in the exfiltration and subsequent public leak of 399 gigabytes of company files and databases. Distributed Denial of Secrets (DDoSecrets), a transparency-focused organization known for publishing hacked data, disseminated the compromised information. The breach was publicly disclosed via social media channels, with NB65 using the hashtags #OpRussia and #cyberattack to claim responsibility. The incident occurred against the backdrop of heightened cyber operations targeting Russian entities following the country’s military actions in Ukraine, though the specific motivations for targeting Continent Express were not explicitly detailed in the available reporting.
The leaked data comprised internal company documents, databases, and operational files, exposing sensitive business information and potentially customer records. NB65 framed the attack as part of a broader campaign against Russian interests, aligning with other hacktivist operations under the #OpRussia banner. No specific technical details regarding the attack vector (e.g., phishing, vulnerability exploitation) or Continent Express’s internal detection and response efforts were disclosed in the sourced material. The breach amplified concerns about the targeting of civilian commercial entities in geopolitical cyber conflicts, particularly within the travel sector, which handles significant volumes of personal and financial data. The long-term operational or financial consequences for Continent Express remained unverified in the available reporting.