Date: Feb 2022

Location: Russia

Summary

A hacker group known as AgainstTheWest claimed responsibility for breaching a Russian state nuclear energy corporation, posting screenshots indicating unauthorized access to internal project reports and testing environments. The incident raised concerns about potential vulnerabilities within the organization responsible for nuclear infrastructure, though operational impacts remained unclear. This breach occurred amidst broader cyber activities targeting Russian entities following geopolitical tensions, with multiple collectives conducting disruptive operations against state-affiliated websites and media outlets. The attackers leveraged publicly accessible tools to facilitate distributed denial-of-service campaigns and encouraged civilian participation in cyber operations against perceived disinformation sources.

Description

On or around February 24, 2022, the hacker group "AgainstTheWest" (ATW) breached Rosatom, Russia’s state nuclear energy corporation founded by Vladimir Putin in 2007. ATW publicly claimed responsibility for the intrusion and posted screenshots on Twitter as evidence of their access. These screenshots displayed internal project headings from Rosatom’s Allure Reports system, including "Clone RA," "RosatomCareerSiteAutoTests," and "FirstTestProject," though the exact nature of these projects was not detailed in available reports. The breach targeted systems associated with Rosatom’s career site and testing infrastructure, suggesting potential access to development or human resources platforms. At the time of reporting, it remained unclear whether the compromise disrupted Rosatom’s daily operations or affected critical nuclear infrastructure. The incident raised concerns due to Rosatom’s role in managing nuclear power plants and its strategic importance to the Russian state.

This breach occurred amid a wave of cyber operations targeting Russian entities following the country’s invasion of Ukraine on February 24, 2022. Multiple hacktivist groups, including the prominent collective Anonymous, launched attacks against Russian state-controlled media outlets such as TASS, Kommersant, Izvestia, Fontanka, and RBC, temporarily forcing them offline. ATW’s intrusion aligned with this broader campaign, which involved at least a dozen distinct hacker groups supporting Ukraine through digital means. Simultaneously, unidentified actors created web-based tools enabling public participation in distributed denial-of-service (DDoS) attacks against Russian websites accused of spreading disinformation. Cybersecurity firms further amplified these efforts by developing apps that allowed civilians to join coordinated cyberattacks. The Rosatom breach exemplified the heightened targeting of Russian critical infrastructure during this period, though definitive technical details about data exfiltration, malware deployment, or Rosatom’s incident response protocols were not publicly disclosed in initial reports.
