Cyber Incident Victim: Department of Information Projects
Date:
Mar 2022
Location:
Russia
Summary
Anonymous compromised the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor), exfiltrating 820 GB of sensitive data including operational files and HR databases. The leak aimed to expose the agency's role in censoring media and disseminating disinformation regarding the Ukraine conflict. A linked group, Ghostsec, separately breached the Department of Information Projects. Pro-Russian actors claimed retaliatory actions against Anonymous-affiliated online assets, though the collective lacks an official website. Verification of the leaked documents' authenticity remained challenging due to linguistic barriers and the volume of circulating claims during the heightened information warfare.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 5 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On March 5, 2022, the hacktivist collective Anonymous announced a breach of Russia’s Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor), the state agency responsible for media censorship and disinformation control. The attackers exfiltrated 820 GB of sensitive data, comprising two primary datasets: one containing over 360,000 files dated up to March 5 (536.9 GB) detailing the agency’s operational activities, and another consisting of human resources databases (290.6 GB) documenting internal procedures. Concurrently, Ghostsec, an affiliate of Anonymous, claimed responsibility for hacking the Department of Information Projects (accessible via http://omk.ru), though specific details regarding the scope or content of this breach were not disclosed. The leaks targeted Roskomnadzor’s role in managing Russia’s disinformation campaigns, particularly its censorship of social media platforms like Twitter and Facebook during the invasion of Ukraine. Anonymous framed the operation as an effort to expose state-backed propaganda and atrocities suppressed by Russian authorities.
Pro-Russia hacktivist groups responded by asserting they had taken down a website allegedly associated with Anonymous, though Anonymous historically operates without a centralized online presence, casting doubt on the claim’s validity. Verification of the leaked data’s authenticity faced significant challenges due to the documents being in Russian and the proliferation of similar unverified reports circulating online at the time. The breach underscored Roskomnadzor’s critical function in restricting information about the Ukraine conflict within Russia, with the agency implementing strict media controls to prevent destabilization of domestic political sentiment. No official statements from Roskomnadzor or the Department of Information Projects acknowledging the incidents were reported in the source material. The operation exemplified Anonymous’ coordinated strategy to disrupt Russian information warfare infrastructure through high-volume data theft and public disclosure.