Cyber Incident Victim: All-Russia State Television
Date:
Mar 2022
Location:
Russia
Summary
Anonymous and its affiliate NB65 breached the All-Russia State Television and Radio Broadcasting Company (VGTRK), exfiltrating and leaking approximately 900,000 emails and 4,000 files spanning two decades. The compromised data exposed internal operations of the state-controlled media entity, which plays a central role in disseminating Kremlin-aligned propaganda across national and international networks. The incident formed part of a broader campaign targeting Russian military and propaganda infrastructure, including prior leaks of personal details from a brigade implicated in civilian atrocities in Bucha, underscoring efforts to disrupt state narratives and military operations tied to the invasion of Ukraine.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
In late March 2022, the Anonymous-affiliated hacktivist group NB65 breached the systems of the All-Russia State Television and Radio Broadcasting Company (VGTRK), one of Russia's largest state-controlled media organizations. The attack resulted in the exfiltration of approximately 900,000 internal emails and 4,000 files spanning two decades of operations. NB65 publicly claimed responsibility for the intrusion through their Twitter account (@xxNB65) and coordinated the release of stolen data via the transparency collective DDoSecrets. The leaked materials included sensitive documents and communications from VGTRK, which operates five national television channels, two international networks, five radio stations, and more than 80 regional broadcast outlets. This breach occurred amidst Anonymous' broader campaign targeting Russian entities following the invasion of Ukraine, including a separate operation that exposed personnel records of the 64th Motor Rifle Brigade stationed in Bucha.
The compromised data revealed VGTRK's institutional role as a Kremlin propaganda apparatus, with internal evidence showing direct editorial control by Russian government officials over news coverage related to military operations and geopolitical narratives. Former employees cited in evidentiary materials described systematic practices where Kremlin officials dictated specific incendiary phrases to discredit Ukraine and blacklisted experts who deviated from official positions. Technical specifications about VGTRK's infrastructure were not disclosed in available reports, though the breach's scale suggested penetration of email servers and document management systems. The Russian government had previously designated VGTRK as essential to national security in a 2017 decree, heightening the sensitivity of the exposure. While no containment measures or official responses from VGTRK were documented in source materials, the leak provided unprecedented insight into state media operations, including connections to information agencies like Rossiya Segodnya that manage Sputnik and RIA Novosti platforms. The incident demonstrated hacktivist capabilities to compromise critical Russian information systems during heightened geopolitical tensions.