{
	"id": "b156b68e-7303-49d7-a2fd-8526fececea4",
	"created_at": "2026-04-06T00:18:18.213554Z",
	"updated_at": "2026-04-10T03:31:32.097789Z",
	"deleted_at": null,
	"sha1_hash": "6951c736b4e6993bbde24fc3718e7dac2df00b17",
	"title": "Anonymous Challenges Russia's Supposed Cyber Prowess With Repeat Rosatom Breach",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1497963,
	"plain_text": "Anonymous Challenges Russia's Supposed Cyber Prowess With\r\nRepeat Rosatom Breach\r\nBy Nica Osorio\r\nPublished: 2022-05-13 · Archived: 2026-04-02 12:07:07 UTC\r\nKEY POINTS\r\nAnonymous hits Russia's nuclear energy behemoth with repeat attack\r\nThis is the second breach of Rosatom in less than 3 months\r\nInitial set of 10,000 documents from hack to be released\r\nLeaked information contains contracts with clients, customers' personal information\r\nApart from vodka, Matryoshka dolls and Vladimir Putin, Russia is also famous — even feared — for its army of\r\nhackers. But since Kremlin's invasion of Ukraine in February, Russian government agencies, financial institutions,\r\noil and gas companies and even close circuit cameras across the country have come under relentless cyber attacks\r\nfrom Anonymous, the international decentralized hacking collective and movement.\r\nAnonymous' campaign has been highly effective: it hacked and defaced Russian websites and pried out sensitive\r\ninformation and data from Russia's business and government entities. The collective has promised it will not stop\r\nits crusade until the Kremlin ends its war against Ukraine and its latest exploit has been to hack none other than\r\nRussia's state-run nuclear energy behemoth Rosatom. Interestingly, it is the second time in less than three months\r\nAnonymous has breached Rosatom. The latest attack is bigger than the first one carried out in March, and despite\r\nthe Kremlin's supposed prowess in the cyber realm, it has not been able to prevent this repeat intrusion into one of\r\nits most valued companies.\r\nAnonymous' KelvinSecurity — the same group that hacked Nestle and leaked crucial data of the multinational\r\ncompany and its clients — was also behind the latest Rosatom breach, which scooped out 800,000 documents.\r\nMost of the documents are about the nuclear energy company's affiliates and clients.\r\nRosatom, with a 2020 revenue of $1.2 trillion, specializes in nuclear energy and supplies a fifth of the\r\ntranscontinental country's electricity. It is also one of the largest exporters of nuclear technology and products in\r\nthe world.\r\nhttps://www.ibtimes.com/anonymous-challenges-russias-supposed-cyber-prowess-repeat-rosatom-breach-leaks-data-3505131\r\nPage 1 of 6\n\nHacker man typing on laptop with flag of Russia overlay Jernej Furman/flickr.com\r\nThis time, the hacking collective leaked 5.63 GB of data from the Rosatom Customer System. The KelvinSecurity\r\nteam told International Business Times that the breach this time is more damaging to Rosatom than the March\r\nhack.\r\nA key KelvinSecurity member who uses the Twitter handle @Ksecureteamlab said this the exploit this time\r\n\"directly affects (Rosatom's) clients.\" A different team from the collective had leaked 15.3 gigabytes of data from\r\nRosatom in March, which included an email address hosted on ProtonMail, a free encrypted email provider.\r\nThe KelvinSecurity team plans to initially release \"about 10,000\" documents from the latest hack \"to expose the\r\nRussian company.\" This first set of documents, according to the group, impacts the company's clients as it\r\nincludes contracts with clients and even its customers' personal information and passport details.\r\nThe team shared documents from the breach with IBT as proof of their exploit (screenshots below).\r\nhttps://www.ibtimes.com/anonymous-challenges-russias-supposed-cyber-prowess-repeat-rosatom-breach-leaks-data-3505131\r\nPage 2 of 6\n\nLeaked Rosatom document sent by @Ksecureteamlab in Twitter DM\r\nhttps://www.ibtimes.com/anonymous-challenges-russias-supposed-cyber-prowess-repeat-rosatom-breach-leaks-data-3505131\r\nPage 3 of 6\n\nLeaked Rosatom document sent by @Ksecureteamlab in Twitter DM\r\nAmong the leaked documents is a passport issued in Uzbekistan (not shown here), while another appears to be a\r\ncopy of the \"Apatity Electric Grid Act (Google translation; Apatity is a town in Murmansk Oblast, Russia). The\r\nlast one shared with IBT looks like a power supply scheme diagram. The Rosatom leak is now available and those\r\ninterested can check out this link.\r\nThe Anonymous group said it does not have a list of Russian targets to hack, but that it swiftly targets any\r\ntechnology that it identifies as a threat to Ukraine's physical infrastructure — and that it will eventually target any\r\nhttps://www.ibtimes.com/anonymous-challenges-russias-supposed-cyber-prowess-repeat-rosatom-breach-leaks-data-3505131\r\nPage 4 of 6\n\nsuch Russian technology even if the said tech has not been used to attack any structure in Ukraine.\r\nKelvinSecurity team said that they already have information on the infrastructure and technology Russia is using\r\nand businesses that help the Russian army, but the collective has not yet attacked them.\r\nRussia, many analysts think, had prepared to invade Ukraine long before it started what the Kremlin calls a\r\n\"special military operation.\" However, it may have failed to anticipate the cyberattacks unleashed on it by\r\nAnonymous as part of the group's effort to support Ukraine's fightback.\r\nThe West has feared Russia would turn to more destructive cyber attacks as its military attack stalls in Ukraine,\r\nand Russian hackers have stepped up their attacks, but the collective was largely dismissive of that effort.\r\n\"There are Russian hackers [who] want to attack [using] Conti ransomware in their affiliate program; now they\r\nwant to increase their capacity but in reality, these hackers do not have political purposes, only financial,\"\r\nAnonymous said. Conti ransomware, believed to be distributed by Russia-based hackers, is considered as an\r\nextremely damaging exploit because of its speed in encrypting data and spreading to other systems.\r\nThese \"pro-Russian hacktivists perform simple attacks like web platform misconfiguration and low-level hacks,\"\r\n@Ksecureteamlab said. \"I consider lamers are launching DDoS attack[s] only and some malware infection\r\nmethods.\"\r\nlogo of KelvinSecurityTeam sent by @@Ksecureteamlab on Twitter DM\r\n\"Russian media like Russia Today are launching the campaign that I can personally qualify as an act of revenge\r\nsince Anonymous attacked the Russian media,\" @Ksecureteamlab said when asked if Anonymous' actions had\r\ntriggered the pro-Russian hackers.\r\nhttps://www.ibtimes.com/anonymous-challenges-russias-supposed-cyber-prowess-repeat-rosatom-breach-leaks-data-3505131\r\nPage 5 of 6\n\n@Ksecureteamlab alleged that the Russian media is working with \"digital pirates\" to falsify images, attack\r\nplatforms and make their exploits \"trend.\"\r\nAnonymous shared that these actors are either people who identified with Russia and were deeply immersed in the\r\ncountry's brainwashing and propaganda, or \"mass media seeking acts of revenge\" because they were dismissed,\r\nincluding those who \"resigned from these media [outlets], due to their new campaign to support Russia.\"\r\nAnother group, according to Anonymous, is composed of \"government actors and intelligence agencies, who want\r\nto carry out espionage and malware development to interfere with the physical infrastructure system.\"\r\n@Ksecureteamlab also shared that these actors have (always) launched ransomware attacks in the U.S. and \"their\r\nparticipation, in my opinion, is the same as their daily routine model.\"\r\n© Copyright IBTimes 2026. All rights reserved.\r\nSource: https://www.ibtimes.com/anonymous-challenges-russias-supposed-cyber-prowess-repeat-rosatom-breach-leaks-data-3505131\r\nhttps://www.ibtimes.com/anonymous-challenges-russias-supposed-cyber-prowess-repeat-rosatom-breach-leaks-data-3505131\r\nPage 6 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"MISPGALAXY"
	],
	"references": [
		"https://www.ibtimes.com/anonymous-challenges-russias-supposed-cyber-prowess-repeat-rosatom-breach-leaks-data-3505131"
	],
	"report_names": [
		"anonymous-challenges-russias-supposed-cyber-prowess-repeat-rosatom-breach-leaks-data-3505131"
	],
	"threat_actors": [
		{
			"id": "63f532e6-4b4a-4f17-bbff-8517f0dd1868",
			"created_at": "2024-01-09T02:00:04.192588Z",
			"updated_at": "2026-04-10T02:00:03.507424Z",
			"deleted_at": null,
			"main_name": "KelvinSecurity",
			"aliases": [],
			"source_name": "MISPGALAXY:KelvinSecurity",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434698,
	"ts_updated_at": 1775791892,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6951c736b4e6993bbde24fc3718e7dac2df00b17.pdf",
		"text": "https://archive.orkl.eu/6951c736b4e6993bbde24fc3718e7dac2df00b17.txt",
		"img": "https://archive.orkl.eu/6951c736b4e6993bbde24fc3718e7dac2df00b17.jpg"
	}
}