Cyber Incident Victim: leroymerlin.ru

Anonymous, a decentralized hacktivist collective, initiated cyber operations against Russian entities following the Russian invasion of Ukraine on February 24, 2022. The group expanded its targeting in March 2022 to include Western companies maintaining business operations in Russia, asserting these organizations financially supported the Russian government through tax payments. The collective publicly threatened companies continuing operations in Russia, framing their actions as retaliation for enabling the Russian war effort. Nestlé was the first confirmed target of this campaign, with Anonymous claiming theft of 10 GB of sensitive data including corporate emails, passwords, and business customer information. The group leaked a sample dataset containing over 50,000 Nestlé business customers as proof of compromise.

On March 24, 2022, Anonymous escalated operations by launching distributed denial-of-service (DDoS) attacks against the Russian websites of multinational retailers Auchan, Leroy Merlin, and Decathlon. These coordinated attacks rendered the targeted domains, including leroymerlin.ru, inaccessible to users. The collective’s affiliated Twitter account, Anonymous TV, publicly claimed responsibility for the outages and provided screenshots as evidence of the websites’ non-functionality. Concurrently, Anonymous announced a separate breach of the Central Bank of Russia, exfiltrating 35,000 files with a threat to release the data within 48 hours. The DDoS attacks caused immediate disruption to the targeted companies’ Russian online services, though the duration of outages and technical specifics of remediation efforts were not disclosed in available reporting. No data breach claims or evidence of network infiltration specific to Leroy Merlin were asserted beyond the confirmed website disruption.