Cyber Incident Victim: Space Research Institute of the Russian Academy of Sciences
Date:
Jul 2022
Location:
Russia
Summary
An Anonymous-affiliated group Spid3r claimed a cyberattack on Russia's Space Research Institute, allegedly stealing data intended for future release, in retaliation for pro-Kremlin Killnet's DDoS disruptions targeting Lithuanian and Norwegian institutions. This incident reflects ongoing digital hostilities between hacktivist factions amid the Ukraine conflict, with pro-Ukrainian actors frequently targeting Russian state and private entities while pro-Russian groups attack NATO-aligned nations' infrastructure. The breach remains unconfirmed but aligns with prior cyber campaigns against Russia's space sector, including Roscosmos and joint Mars mission documents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around July 3, 2022, the Anonymous-affiliated hacker group Spid3r claimed to have breached the Space Research Institute of the Russian Academy of Sciences (IKI RAN), Russia's primary institution for space exploration. The group announced the intrusion via Twitter, explicitly framing it as retaliation for distributed denial-of-service (DDoS) attacks conducted by the pro-Kremlin group Killnet against Lithuania and Norway. Spid3r, operating under the alias YourAnonSpider, stated that stolen data would be released soon, though the breach remained unconfirmed at the time of reporting. This incident occurred amid a sustained pattern of cyberattacks targeting Russia's space sector following the February 2022 invasion of Ukraine. Prior breaches included attacks on Roscosmos (Russia's space agency), leaks of documents related to the joint ESA-Russia ExoMars mission, and compromises of Russia's vehicle monitoring systems. The IKI RAN attack represented a continuation of hacktivist efforts to disrupt critical Russian scientific infrastructure in response to geopolitical events.
The operation formed part of a broader digital conflict between pro-Ukrainian and pro-Russian hacker collectives that escalated after Russia's invasion. Killnet had previously targeted Lithuanian and Norwegian infrastructure, disrupting Lithuania's State Tax Inspectorate IT systems and attacking Norway's secure national data network along with public and private institutions. Anonymous and affiliated groups like Ukraine's IT Army responded with counteroperations, including a separate breach of 80 million Russian phone numbers and passwords disclosed the same week. Pro-Ukrainian actors concentrated attacks on Russian financial services, disrupting online banking across 800 entities including banks and insurance providers. Killnet reciprocated by declaring "war" on NATO, launching DDoS campaigns against government websites in Italy, Romania, Germany, Czechia, and Latvia. This cycle of retaliatory cyber operations reflected the weaponization of hacktivist networks in hybrid warfare, with civilian-facing services frequently impacted. The IKI RAN incident exemplified how scientific institutions became collateral targets in this digitally amplified interstate conflict.