Limited distribution: Technoserv (1.2 TB)

We've listed a collection from the Russian IT company with an estimated net revenue of $107 million. Technoserv was founded by brothers Dmitry & Alexei Ananyev, formerly of Promsvyazbank or PSB

Screenshot supplied by the hackers to the Kyiv Post, which they said “demonstrates that over 1.2 terabytes of data had been taken.”

We have listed in our archive 1.2 TB of files from Technoserv, also called T1 Integration, a group of IT companies specialized in systems integration, networking and cloud services, information security, and data-mining. We have added these files to our Limited Distribution section, which means they are available for requests from researchers with a publication history.

According to the Kyiv Post:

Technoserv is “Russia’s largest systems integrator – which operates in various countries in a consultancy capacity. The company is headquartered in Moscow, has an estimated net revenue of $107 million, and is owned by brothers Dmitry and Alexei Ananyev. According to a 2022 article in the The Belfast Telegraph, the brothers also own Promsvyazbank.”

The article in the Telegraph, however, states that the brothers owned Promsvyazbank, until it was seized by the Russian state in 2017. From the Belfast Telegraph, after the bank was seized:

According to UK Government sources, Promsvyazbank now services 70% of state contracts signed by Russia’s defence ministry and is a “pivotal bank” for the country’s military-industrial complex.

The Ananyev brothers fled Russia in 2017 and 2018 for exile in Cyprus and London. Technoserv (or ТЕХНОСЕРВ АС ООО) might have also changed ownership around the same time.

According to the hackers, the 1.2 TB of data includes approximately a million files of AutoCAD designs, contracts with Technoserv’s clients and partners, and employee PII.

Disclaimer

This dataset was released in the buildup to, in the midst of, or in the aftermath of a cyberwar or hybrid war. Therefore, there is an increased chance of malware, ulterior motives, altered or implanted data, and false flags/fake personas. As a result, we encourage readers, researchers and journalists to take additional care with the data.

This is a standard disclaimer that will be added to all datasets in the Cyberwar category, even absent specific suspicions.

Any specific concerns will be added and noted below:

• There is debate about the existence and claims of the group taking credit for the hack.

• The source delivered the files through an intermediary, and declined our request to contact us.

• There were inconsistencies in what was communicated, like various overly speculative, exaggerated, and misleading statements about the data and its implications.

• There was repeated pressure to publish immediately, which we declined to do.

• It feels like a psychological operation.

Reminder

Wow, you read this far? Thank you, you must really like us. You might be interested to know we are running an end-of-year fundraiser to help sustain our work in 2023. Please pitch in if you can, and tell your friends.