Cyber Incident Victim: Marathon Group

Date: Mar 2022

Location: Russia

Summary

Anonymous compromised a Russian investment firm owned by a sanctioned oligarch linked to the country's foreign minister, exfiltrating and publicly releasing 52GB of internal emails (approximately 62,000 messages) via DDoSecrets. The hacktivist collective simultaneously claimed responsibility for breaching a Belarusian governmental website associated with economic operations in a regional city, continuing their campaign against entities tied to Russian political elites.

Description

On March 31, 2022, the hacktivist collective Anonymous claimed responsibility for a cyberattack against Marathon Group, a Russian investment firm owned by sanctioned oligarch Alexander Vinokurov. The group successfully breached the company's systems, exfiltrating a 52GB archive containing approximately 62,000 internal emails. Anonymous subsequently published this stolen data through the transparency collective Distributed Denial of Secrets (DDoSecrets), making the confidential corporate communications publicly accessible. This incident formed part of Anonymous' coordinated campaign targeting Russian businesses with ties to oligarchs following Russia's invasion of Ukraine, as evidenced by their simultaneous announcement of breaching Thozis Corp the previous day. The attack demonstrated direct targeting of entities associated with politically connected individuals, given Vinokurov's familial relationship to Russian Foreign Minister Sergey Lavrov through marriage to Lavrov's daughter.

The compromised Marathon Group held particular significance due to its owner's inclusion on the European Union's sanctions list, which had frozen Vinokurov's assets and prohibited EU citizens from conducting business with him. No details emerged regarding Marathon Group's operational disruptions, data recovery efforts, or security enhancements following the breach. Concurrently with the Marathon attack, Anonymous claimed a separate compromise of a Belarusian government website pertaining to economic affairs in Volozhin, a city within the Minsk Region, though no further specifics were provided about that intrusion's scope or impact. The dual announcements highlighted Anonymous' parallel targeting of Russian commercial entities and Belarusian government infrastructure during this operational phase. The Marathon email leak represented one of the largest single data dumps attributed to Anonymous' anti-war campaign against Russian-aligned interests during this period.
