
Cyber Incident Victim: Anonymous

Date: May 2022

Location: Russia

Summary

Pro-Ukraine hacktivist groups, including Anonymous and the Ukraine IT Army, conducted cyber operations against Russian entities, employing DDoS attacks and exploiting misconfigured Docker installations to disrupt critical infrastructure. Primary targets included a vital alcohol distribution system, causing widespread logistical failures that halted factory shipments and reduced production rates. Additional attacks affected government, military, and media websites in Russia and Lithuania, leveraging compromised computational resources to sustain offensive campaigns.


Description

The Anonymous collective and Ukraine IT Army conducted coordinated cyber operations against Russian targets in early May 2022, with significant activity occurring between May 2-4. On May 2-3, hacktivists launched distributed denial-of-service (DDoS) attacks against Russia's Unified State Automated Alcohol Accounting Information System (EGAIS), a critical platform for alcohol distribution management. The attacks caused sustained technical failures reported through May 4, following calls to action circulated within the Ukraine IT Army community. These disruptions prevented alcohol factories from accepting raw material deliveries and blocked distributors from accessing finished products already in transit. Multiple production facilities suspended shipments to warehouses entirely and subsequently reduced manufacturing output rates due to system inaccessibility.


Parallel operations involved Anonymous-affiliated group @squad3o3 disseminating over 100 million messages to Russian citizens countering official narratives about the Ukraine conflict. Concurrently, researchers observed pro-Ukraine actors – likely aligned with the IT Army – exploiting misconfigured Docker installations through exposed APIs to hijack computational resources. These compromised systems launched DDoS campaigns against twelve Russian government, military, and media websites, with three Lithuanian media platforms also affected. The Docker-based attacks formed part of a broader strategy combining infrastructure disruption with information operations targeting Russian civilian awareness. Operational impacts extended beyond immediate service degradation to include supply chain interruptions and production slowdowns in Russia's alcohol sector.
