Cyber Incident Victim: Decathlon
Date:
Mar 2022
Location:
Russia
Summary
Anonymous launched disruptive cyber operations against Decathlon's Russian website, causing it to become inaccessible through powerful DDoS attacks. The hacktivist collective targeted the company for maintaining business operations in Russia, alleging such activities financially supported the government amid geopolitical tensions. This incident formed part of a broader campaign against Western corporations continuing Russian market presence, with Anonymous publicly claiming responsibility and demonstrating the attack's success via unreachable site screenshots. The group's actions aligned with its declared objective to pressure organizations withdrawing from Russia through digital disruption tactics.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 24, 2022, Russia initiated its invasion of Ukraine, prompting the hacktivist collective Anonymous to declare cyber warfare against Russian entities. By early March 2022, Anonymous expanded its operations to target Western companies maintaining business operations in Russia, asserting these organizations were indirectly funding the Russian government through tax payments. The collective first threatened multinational food corporation Nestlé, subsequently breaching its systems and exfiltrating 10 GB of sensitive data—including corporate emails, passwords, and business customer records. On March 24, 2022, Anonymous publicly leaked a sample of over 50,000 Nestlé customer records and escalated its campaign via Twitter (@YourAnonTV), announcing coordinated distributed denial-of-service (DDoS) attacks against French retail corporations Auchan, Leroy Merlin, and Decathlon’s Russian websites (decathlon.ru). The attacks overwhelmed the sites’ infrastructure, rendering them inaccessible to users, as evidenced by screenshots shared by the group showing connection timeouts and error messages.
The DDoS attacks against Decathlon.ru and other targets caused immediate disruption to the companies’ Russian online operations, though the duration of the outages and technical specifics of the attacks were not disclosed in Anonymous’s announcements. Concurrently, Anonymous claimed to have compromised the Central Bank of Russia, exfiltrating 35,000 files with a threat to release them within 48 hours, though this operation was unrelated to the retail sector targeting. No data breach or data exfiltration was explicitly attributed to the Decathlon.ru incident beyond the temporary service disruption. The collective framed these actions as retaliation against corporations refusing to exit the Russian market, emphasizing their intent to economically pressure the Russian government by disrupting revenue streams and tax contributions from foreign businesses. Anonymous did not reference any direct engagement with Decathlon or the other companies regarding remediation or negotiations.