Cyber Incident Victim: Ministry of Defence of the Russian Federation
Date:
Sep 2022
Location:
Russia
Summary
Anonymous claimed to hack the Russian Defense Ministry's website, leaking personal data of approximately 305,925 reservists likely targeted for military mobilization following a national address announcing partial conscription. The breach exposed individuals to potential social engineering risks and contact by Ukrainian entities. This incident aligns with the hacktivist group's broader cyber campaign against Russian entities in retaliation for the invasion of Ukraine, which included prior breaches of government databases and media disruptions. The leak underscores the ongoing role of cyber operations in the conflict, where hacktivist actions have complemented Ukraine's defensive resilience against Russian cyber-aggression.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On September 23, 2022, the hacktivist collective Anonymous claimed via its Twitter account (@YourAnonTV) to have compromised the Russian Ministry of Defense’s website and exfiltrated personal data belonging to 305,925 individuals identified as potential military reservists. The group published an image purportedly containing samples of this sensitive information, which included details enabling identification of the affected individuals. This disclosure occurred two days after Russian President Vladimir Putin’s September 21 televised address announcing a partial mobilization of approximately 300,000 reservists to reinforce Russia’s military operations in Ukraine. The mobilization order responded to Ukraine’s successful counter-offensive campaigns that reclaimed significant territories previously occupied by Russian forces. Anonymous framed the breach as exposing the first wave of conscripts targeted under Russia’s three-phase mobilization plan, though the Russian government did not publicly confirm the legitimacy of the leaked data at the time.
The incident represented one of numerous cyber operations Anonymous conducted against Russian entities following its February 24, 2022 declaration of “cyber war” against the Russian government in retaliation for the invasion of Ukraine. Prior actions included a March 2022 breach of Russia’s federal communications regulator, resulting in the leak of 360,000 files, and simultaneous disruptions to Russian streaming services and state-controlled television broadcasts, which were replaced with war footage from Ukraine. If verified, the reservist data leak posed operational security risks by potentially exposing conscripts to social engineering attempts or direct contact by Ukrainian entities. The broader conflict witnessed extensive cyber activity, with Russia conducting sustained attacks against Ukrainian infrastructure and Western organizations supporting Ukraine, while Ukrainian defenses—bolstered by international assistance—demonstrated notable resilience against disruptive operations. Western governments concurrently advised private-sector organizations to enhance defensive measures amid expectations of Russian cyber retaliation against sanctions.