Cyber Incident Victim: NB65

Date:

May 2022

Location:

Russia

Summary

Pro-Ukraine hacktivist groups, including Anonymous and the Ukraine IT Army, conducted cyber operations against Russian entities, focusing on critical infrastructure such as the alcohol distribution system. The attacks prevented factories from accepting shipments and customers from receiving products, halting logistics and reducing production rates. In parallel, distributed denial-of-service campaigns ran from hijacked Docker hosts whose Engine API was exposed to the network, turning the compromised hosts' own compute against government, military, and media websites, including Lithuanian media outlets. These efforts aimed to counter Russian propaganda and undermine operational capabilities through coordinated cyber intrusions.

Motives:

1 motive

Tactics, Techniques &amp; Procedures:

2 techniques

Threat Actors:

2 actors

Description

In early May 2022, pro-Ukraine hacktivist groups including Anonymous and the Ukraine IT Army conducted disruptive cyber operations against Russian critical infrastructure and media entities. On May 2-3, coordinated distributed denial-of-service (DDoS) attacks targeted Russia's Unified State Automated Alcohol Accounting Information System (EGAIS), the federal system in which alcohol production and distribution must be recorded before product can legally move. The attacks caused sustained technical failures reported through May 4, following a public call to action within the Ukraine IT Army community. Because shipments cannot be registered while EGAIS is down, factories were unable to accept alcohol deliveries, distributors failed to receive delivered products, and shipments halted across the chain. Multiple alcohol production facilities reduced manufacturing rates as a result, demonstrating how a purely digital disruption cascades into physical industrial operations.


Parallel attacks used a less common technique: CrowdStrike researchers documented weaponized Docker images being run against Russian government, military, and media websites. Docker hosts whose Engine API was reachable over the network without adequate protection were used to pull and start images that generated the DDoS traffic, so the compromised hosts' own compute became the attack capacity. This technique targeted approximately a dozen Russian entities alongside three Lithuanian media websites, indicating geographical expansion beyond the primary Russian targets. While Anonymous-affiliated groups leaked exfiltrated data through the DDoSecrets platform, the Ukraine IT Army maintained its focus on disruptive attacks; separately, @squad3o3 claimed an information operation that sent over 100 million messages to Russian citizens countering official narratives about the invasion. Taken together, the incidents show coordinated multi-group efforts combining immediate infrastructure disruption with psychological operations.
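The Docker hijacking described above comes down to one misconfiguration: the Engine API listening on a TCP port that any network client can reach without presenting a client certificate. The page does not say which port or setting the compromised hosts used, so the following is an added Python example (written for this entry, not code from the page, from CrowdStrike, or from any group named here) that assumes the common case: a daemon.json with a plaintext tcp:// entry in "hosts". It flags that configuration, shows the hardened equivalent with tlsverify and certificate material, and includes a GET /version probe for checking hosts you are authorized to test. The daemon.json strings and the certificate paths in them are constructed placeholders.

```python
"""Audit a Docker daemon configuration for an unauthenticated remote Engine API.

Added example, not code from the page or from any vendor or group named on it.
Assumes the daemon.json keys documented by Docker ("hosts", "tls", "tlsverify",
"tlscacert", "tlscert", "tlskey") and the documented GET /version endpoint.
"""
import http.client
import json
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Bind addresses that expose the listener on every interface
# (urlsplit strips the brackets from "[::]", and "tcp://:2375" yields no host).
WILDCARD_BINDS = {"", "0.0.0.0", "::"}

# Constructed sample configs, not taken from any real host.
WEAK_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}
"""

HARDENED_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
"""


@dataclass
class Finding:
    listener: str
    severity: str
    reason: str


def audit_daemon_config(config_text: str) -> List[Finding]:
    """Return one Finding per TCP listener that lets a remote client drive the daemon."""
    cfg = json.loads(config_text)
    hosts = cfg.get("hosts", ["unix:///var/run/docker.sock"])
    if isinstance(hosts, str):
        hosts = [hosts]
    tls_verify = bool(cfg.get("tlsverify", False))
    tls_only = bool(cfg.get("tls", False))
    has_material = all(k in cfg for k in ("tlscacert", "tlscert", "tlskey"))

    findings: List[Finding] = []
    for listener in hosts:
        parts = urlsplit(listener)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// are gated by file permissions, not by the network
        bind = parts.hostname or ""
        if tls_verify and has_material:
            continue  # client certificates required: remote callers must be enrolled
        if tls_verify:
            findings.append(Finding(listener, "medium",
                "tlsverify is set but tlscacert/tlscert/tlskey are not all explicit; "
                "dockerd falls back to its default ~/.docker paths, confirm they hold the intended CA"))
        elif tls_only:
            findings.append(Finding(listener, "high",
                "TLS without tlsverify encrypts traffic but does not authenticate the client"))
        elif bind in WILDCARD_BINDS:
            findings.append(Finding(listener, "critical",
                "plaintext Engine API on all interfaces: any reachable client can create and start containers"))
        else:
            findings.append(Finding(listener, "high",
                f"plaintext Engine API bound to {bind}: every process that can reach it has root-equivalent control"))
    return findings


def probe_engine_api(host: str, port: int = 2375, timeout: float = 3.0) -> Optional[dict]:
    """Self-assessment probe: GET /version over plaintext HTTP.

    A 200 with an "ApiVersion" field means the daemon answered an unauthenticated
    remote client, which is exactly what an attacker needs to start containers.
    Returns the parsed body, or None if the port is closed or does not speak the API.
    Only run this against hosts you are authorized to test.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/version")
        resp = conn.getresponse()
        if resp.status != 200:
            return None
        body = json.loads(resp.read().decode("utf-8", "replace"))
        return body if isinstance(body, dict) and "ApiVersion" in body else None
    except (OSError, ValueError):
        return None
    finally:
        conn.close()


if __name__ == "__main__":
    for name, text in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        findings = audit_daemon_config(text)
        print(f"{name}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  [{f.severity}] {f.listener}: {f.reason}")
```

Run it as a script to see the weak config produce a critical finding and the hardened one produce none. The check treats the unix socket as out of scope on purpose: its exposure is a file-permission question (who is in the docker group), whereas a plaintext tcp:// listener is the condition that lets a stranger on the network run arbitrary images on the host.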

Sources

1 source (available to members)