Cyber Incident Victim: Gazprom

Date: Feb 2022

Location: Russia

Summary

Anonymous hackers breached a Russian state-owned energy corporation, leaking databases containing source code and project information as part of a broader #OpRussia campaign against entities supporting the invasion of Ukraine. The collective compromised thousands of government and private sector websites, exfiltrated internal communications from cybercrime groups, and disseminated alleged military documents detailing invasion plans. Additional actions included disrupting infrastructure by accessing surveillance cameras to monitor Ukrainian movements and leaking strategic files from naval forces, collectively aiming to undermine Russian operations and support Ukrainian resistance.

Motives: 2 motives
Tactics, Techniques & Procedures: 1 technique
Threat Actors: 2 actors

Description

The Anonymous collective launched a series of cyber operations against Russian and Belarusian entities beginning in late February 2022, under the banner of #OpRussia. This campaign was a direct response to Russia's military invasion of Ukraine, with Anonymous coordinating attacks alongside white hat hackers and researchers. Targets included over 2,500 websites linked to Russian and Belarusian governments, state-owned media outlets, private organizations, banks, hospitals, and airports. Among the most significant breaches was the compromise of Gazprom, Russia's state-controlled energy giant, by the Anonymous-affiliated group ATW around February 20, 2022. The attackers exfiltrated databases containing sensitive corporate information, including source code and details related to WellPro projects. Concurrently, Anonymous infiltrated the Russian Government's official website (gov.ru), exposing subdomains, backend server IP addresses, and compromising the Ministry of Economic Development's web presence. The collective also targeted cybercrime groups supporting Moscow, notably leaking internal chats and malware source code from the Conti ransomware operation.

A particularly consequential aspect of the campaign involved Anonymous claiming possession of classified Russian military documents allegedly detailing invasion plans. These materials, purportedly stolen from Russian troops, indicated operational timelines approved on January 18, 2022, with a planned occupation of Ukraine between February 20 and March 6. The collective disseminated geographical maps and strategic files attributed to Russia's Black Sea Fleet through social media channels, though the documents' authenticity was not independently verified. Anonymous further attempted tactical disruption by compromising IP surveillance cameras to monitor Ukrainian troop movements. The Gazprom breach and associated infrastructure compromises exposed critical energy sector assets to potential operational interference, while the government website infiltrations undermined administrative digital security. These operations formed part of Anonymous's sustained effort to counter Russian military actions through coordinated cyber intrusions and information warfare tactics targeting state and corporate entities.