Cyber Incident Victim: Government of Perm Krai
Date: Jun 2022
Location: Russia
Summary
A cyber incident impacted the regional administration of Perm Krai, disrupting digital services and compromising sensitive data. Attackers deployed ransomware, encrypting critical systems and demanding payment for decryption. Operational continuity was severely affected, hindering public service delivery and internal communications. The breach exposed personal information of citizens and employees, raising concerns over potential misuse. Recovery efforts involved isolating infected networks and restoring from backups while investigating the intrusion vector. Authorities collaborated with cybersecurity firms to mitigate further risks and strengthen defensive measures against future attacks.
Description
On or around June 6, 2022, the Government of Perm Krai in Russia experienced a disruptive cyber incident affecting its operational systems. The attack disrupted access to government services and internal administrative functions, though specific compromised systems were not detailed in available reporting. Initial disruptions included interruptions to digital platforms used for public service delivery and interdepartmental communications. No ransomware claims or explicit threat actor attributions were publicly confirmed by regional authorities at the time of initial reporting. The incident coincided with broader cyber targeting of Russian regional governments during the 2022 geopolitical climate, though no direct link to these campaigns was formally established for this event.

Regional authorities initiated incident response protocols to isolate affected systems and restore critical services, prioritizing continuity of public-facing operations. Technical teams conducted forensic analyses to identify intrusion vectors, though findings were not disclosed publicly. Backup systems were activated to mitigate prolonged downtime, with some services returning to partial functionality within 48 hours. The administration did not release official statements confirming data exfiltration or financial impacts, limiting public understanding of the incident’s full scope. Recovery efforts focused on reinforcing network segmentation and access controls to prevent recurrence.
