Cyber Incident Victim: Gazprom
Date: Apr 2022
Location: Russia
Summary
Anonymous and affiliated groups, including NB65, conducted cyber operations against multiple Russian entities, compromising Gazprom Linde Engineering and stealing 728GB of internal data containing 768,000 emails. The collective also breached Technotec, exfiltrating 495,000 emails from the firm, which provides services to affiliates in the oil and gas sector. Both datasets were leaked via DDoSecrets as part of a broader campaign targeting Russian government agencies and critical infrastructure organizations.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |

Description
In April 2022, Anonymous and affiliated hacker groups conducted a series of cyber operations against Russian organizations amid heightened geopolitical tensions. On April 14, 2022, the collective announced that it had compromised Gazprom Linde Engineering, a joint venture specializing in gas processing and petrochemical facility design. Attackers exfiltrated 728GB of internal data containing 768,000 corporate emails, which was subsequently leaked through the DDoSecrets transparency platform. This breach occurred alongside parallel operations against other Russian entities that week. Earlier, Anonymous had leaked 446GB of data from Russia’s Ministry of Culture via the same platform. The group NB65 (@xxNB65) separately breached Continent Express, Russia’s largest independent travel agency, releasing nearly 400GB of files and databases. These coordinated actions targeted critical sectors of the Russian economy, with energy infrastructure representing a strategic focus.

The Gazprom Linde Engineering intrusion formed part of a broader campaign impacting Russia’s energy sector supply chain. Technotec, a petroleum services provider for Rosneft and Gazprom Neft since 1995, was compromised with 495,000 corporate emails stolen. The company’s partnerships with state research entities—including Gubkin Russian State University of Oil and Gas and the Russian Academy of Sciences’ Institute of Oil and Gas Issues—expanded the breach’s potential academic and technical ramifications. Data leaks via DDoSecrets exposed operational communications, project documentation, and potential intellectual property across multiple organizations. While immediate operational disruptions weren’t detailed, the cumulative theft of over 1.6TB of data from four entities within days demonstrated systematic targeting of government-aligned industries. The incidents highlighted vulnerabilities in organizations supporting Russia’s energy production and distribution networks during a period of intensified hacktivist activity.
