Cyber Incident Victim: State Atomic Energy Corporation ROSATOM
Date: Mar 2022
Location: Russia
Summary
Anonymous breached the Russian state nuclear energy corporation ROSATOM, exfiltrating and leaking gigabytes of internal data. The hacktivist collective concurrently defaced Russian government websites with anti-war messages, disrupted military communications by intercepting unencrypted battlefield transmissions, and seized control of numerous government printers and network cameras. These actions formed part of a broader campaign involving mass communication efforts to bypass state media censorship by directly informing Russian citizens about the Ukraine conflict through emails, SMS, and instant messages. The group's activities targeted multiple state entities and infrastructure to undermine governmental operations and disseminate uncensored information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around March 15, 2022, the hacktivist collective Anonymous conducted cyber operations against Russian entities in support of Ukraine during the ongoing invasion. The group announced it had successfully breached Rosatom State Nuclear Energy Corporation, Russia's state-owned nuclear energy and technology enterprise. Attackers exfiltrated gigabytes of internal organizational data from Rosatom's systems and subsequently began leaking this information publicly. This intrusion represented a significant compromise of a critical Russian infrastructure organization responsible for nuclear power, research, and high-tech industrial projects. Concurrently, Anonymous defaced the official website of Russia's Ministry of Emergencies, replacing its content with anti-war messages including "Don’t trust the Russian media – they are lying," "Full information about the war in Ukraine," and warnings about impending Russian economic default. These website alterations served both as propaganda countermeasures and as disruptions to official government communications channels.

The collective expanded its operations beyond these high-profile breaches through coordinated information warfare tactics. Anonymous established automated systems to distribute anti-war messages via email, SMS, and instant messaging platforms directly to Russian citizens, circumventing state-controlled media narratives. In military-focused operations, the group intercepted and disseminated unencrypted Russian military communications, including High Frequency transmissions and Morse code signals from battlefield units. Complementary technical disruptions included GhostSec (an affiliated group) seizing control of over 100 government and military printers across Russia and Belarus, though specific impacts of these printer compromises weren't detailed. Anonymous also continued aggregating and distributing access credentials to thousands of surveillance cameras throughout both nations, potentially enabling monitoring of sensitive locations. These multi-vector operations combined data theft, system disruptions, propaganda distribution, and intelligence gathering to counter Russian government narratives and military operations during the conflict.
