Cyber Incident Victim: Sawatzky
Date:
Apr 2022
Location:
Russia
Summary
Anonymous conducted a cyber campaign against Russian entities, leaking 5.8 TB of data including from Sawatzky, a property management firm serving multinational clients such as Google, Microsoft, and Johnson & Johnson. The breach exposed 432GB of the company's emails, compromising sensitive communications and client-related information alongside other targeted organizations in energy, real estate, and investment sectors. This operation formed part of a broader retaliatory effort following geopolitical events, with the collective vowing continued data releases against Russian businesses and government bodies.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Sawatzky data breach occurred between April 19-22, 2022, as part of Anonymous' coordinated #OpRussia campaign against Russian entities following the invasion of Ukraine. The hacktivist collective publicly claimed responsibility for exfiltrating and leaking 432GB of internal company data comprising 575,000 corporate emails through the transparency platform DDoSecrets. This breach formed part of a broader three-day operation targeting four Russian organizations, resulting in cumulative leaks of 5.8 terabytes of data. Sawatzky, identified as a property management firm servicing multinational clients including DuPont, Lenovo, Whirlpool, Johnson & Johnson, Cisco, Google, Microsoft, and British American Tobacco, had its email communications exposed without client data segregation specified in the leak. The attack methodology wasn't disclosed, though the operation followed Anonymous' established pattern of breaching and publishing victim data through third-party platforms.
The incident exposed sensitive corporate correspondence of Sawatzky and potentially compromised operational details of its high-profile client portfolio spanning technology, consumer goods, and transportation sectors. No evidence indicated immediate financial theft or system destruction, though the email leak created reputational risks and potential supply chain intelligence vulnerabilities for affected clients. Anonymous announced intentions to release additional Russian business and government data, explicitly mentioning planned breaches of commercial banking institutions. Sawatzky's parent company or regional affiliations weren't specified in available disclosures. The company's public response and remediation efforts weren't documented in the source material, though the breach's scale suggested significant operational security failures. Concurrent breaches of Enerpred (645,000 emails), Accent Capital (365,000 emails), and Worldwide Invest (250,000 emails) demonstrated Anonymous' capacity to simultaneously compromise diverse economic sectors including energy, real estate, and transportation infrastructure.