Cyber Incident Victim: Rostec

Date: Mar 2022

Location: Russia

Summary

A Russian state-owned defense conglomerate experienced a temporary website shutdown following a distributed denial-of-service (DDoS) attack attributed to Ukrainian volunteer hackers associated with the IT Army, a group formed to conduct cyber operations against Russian targets amid ongoing hostilities. The organization claimed the attack was repelled and services restored promptly, while Russian authorities warned of persistent cyberattacks targeting federal agencies and shared defensive guidance. This incident occurred within a broader campaign of digital assaults, including supply chain compromises and website defacements, as Ukrainian officials mobilized cyber volunteers to disrupt Russian online infrastructure.

Description

On March 11, 2022, Russian state-owned aerospace and defense conglomerate Rostec reported taking its website offline following a distributed denial-of-service (DDoS) attack. The corporation stated the attack began at 11:30 a.m. Moscow time, characterizing it as part of sustained cyber assaults against its digital infrastructure since late February 2022, coinciding with Russia's invasion of Ukraine. Rostec described restoring service after a brief shutdown, claiming all corporate information remained fully accessible post-recovery. The company attributed responsibility to Ukrainian "radicals," specifically referencing Ukraine's IT Army – a volunteer cyber collective formed days earlier under the direction of Ukrainian Vice Prime Minister Mykhailo Fedorov to conduct cyber operations against Russian targets. This incident occurred amid heightened cyber hostilities, with Rostec's outage representing one of multiple high-profile disruptions to Russian state-affiliated entities during this period.

The attack unfolded against a backdrop of escalating cyber conflict between the two nations. Russia's National Coordination Center for Computer Incidents (NKTsKI), operated by the Federal Security Service (FSB), had recently published over 17,000 IP addresses allegedly used in DDoS campaigns against Russian networks while issuing defensive guidance to domestic organizations. Concurrently, Ukraine's cyber police reported successful takedowns of critical Russian government websites through IT Army operations. Earlier in the same week, Russia's Digital Development Ministry disclosed supply chain compromises affecting federal agencies including the Energy Ministry and Federal State Statistics Service, where websites were defaced. Rostec's statement denying permanent damage to its systems aligned with Russian authorities' broader assertions that foreign cyberattacks were being successfully mitigated, despite acknowledging continuous assault volumes. The corporation's decision to temporarily suspend its web presence constituted a reactive containment measure rather than a prolonged operational disruption.
