Cyber Incident Victim: Tetraedr
Date:
Feb 2022
Location:
Belarus
Summary
A Belarusian weapons manufacturer specializing in advanced electronic systems was breached by the hacker collective Anonymous, operating under the alias PWN-Bar Hack Team. The attackers exfiltrated approximately 200GB of internal emails, releasing the most recent 1,000 messages in .EML format and complete inbox archives in .PST format—though some files were reportedly corrupted—via the whistleblower platform DDoSecrets. The collective publicly mocked the cybersecurity defenses of Russia and allied Commonwealth of Independent States nations, framing the operation as part of #OpCyberBullyPutin to demonstrate regional vulnerabilities. Anonymous emphasized their intent to disrupt entities supporting geopolitical aggression while promoting unrestricted information access.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On or around February 26, 2022, the international hacker collective Anonymous breached the systems of Belarusian weapons manufacturer Tetraedr, exfiltrating approximately 200GB of internal email communications. The group, operating under the alias "PWN-Bar Hack Team," publicly claimed responsibility for the intrusion on March 10, 2022, through a statement published on the whistleblower platform DDoSecrets. Anonymous released the 1,000 most recent emails from employee inboxes in .EML format while also making a complete archive of each inbox available in .PST format, though they noted potential file corruption during the export process. The attack targeted Tetraedr, a private company founded in 2001 that specializes in developing advanced radio-electronic weapons systems for Belarus, a key ally of Russia during its invasion of Ukraine.
The hackers framed their actions as part of #OpCyberBullyPutin, a cyber campaign against Russia and its Commonwealth of Independent States (CIS) allies, explicitly citing Belarusian dictator Alexandr Lukashenko's support for Vladimir Putin's military operations. In their statement, Anonymous mocked Russian cybersecurity capabilities, stating: "Our Russian ATP friends seem kind of out of shape... We thought they needed a reminder of what real hacking is like." The collective characterized the breach as both retaliation against Belarus's logistical support for the invasion and a demonstration of inadequate cyber defenses across Russia-aligned nations. The compromised data was transferred exclusively to DDoSecrets, a nonprofit transparency platform established in 2018, rather than being widely disseminated. No details regarding Tetraedr's internal detection mechanisms, incident response protocols, or containment efforts were disclosed in available reporting. The incident exposed internal communications from a manufacturer of military technology actively involved in regional conflict, though specific operational impacts or subsequent investigations remain undocumented in public sources.