Cyber Incident Victim: Avanpost
Date: Jun 2024
Location: Russia
Summary
A pro-Ukrainian hacker group, Cyber Anarchy Squad, claimed responsibility for a cyberattack against Russian cybersecurity firm Avanpost, reportedly encrypting over 400 virtual machines and physical workstations, destroying more than 60 terabytes of data, and leaking 390 gigabytes of allegedly sensitive information. The company acknowledged a serious breach impacting its infrastructure, advising customers to update credentials while urging reliance on official communications; the attackers shared purported internal data via Telegram and Mega, though its authenticity remains unverified. The group has previously targeted Russian critical infrastructure entities, including a telecommunications provider, and has been linked to arrests of individuals conducting cyber operations against domestic institutions.
Description
On July 1, 2024, pro-Ukrainian hacker group Cyber Anarchy Squad claimed responsibility for a cyberattack against Russian cybersecurity firm Avanpost, which had operated for 15 years developing authentication systems for Russian businesses. The group asserted they encrypted over 400 virtual machines running Linux or Windows alongside most employee physical workstations during the attack, which occurred over the preceding weekend. Cyber Anarchy Squad further reported destroying more than 60 terabytes of data while exfiltrating and leaking 390 gigabytes of what they described as "valuable information." Avanpost confirmed the incident on Sunday, characterizing it as a "serious cyberattack" but declined to specify the extent of damage or confirm data compromise. The company emphasized protecting customer data as its top priority while undertaking restoration measures for affected information systems.

Avanpost issued precautionary guidance to clients—including Russian airports, a major water utility, and telecommunications providers—advising password updates and credential rotations. The firm cautioned against relying on unverified claims, directing stakeholders to official communications. Cyber Anarchy Squad disseminated portions of allegedly stolen data via Telegram and Mega file-sharing services, including screenshots purportedly showing internal employee discussions about the breach, though independent verification of these materials remained unavailable. The attack followed Cyber Anarchy Squad's June 2023 breach of Russian telecom provider Infotel, which acknowledged network equipment damage. Russian authorities had previously arrested an 18-year-old student in October 2023 for alleged collaboration with the group targeting government and academic entities, a development the hackers referenced without directly confirming involvement. Avanpost did not disclose intrusion vectors, attacker tools, or specific data types impacted.
