A Russian internet service provider (ISP) has confirmed that Ukrainian hackers breached its network and erased data from its systems.
Earlier this week, hackers from the Ukrainian Cyber Alliance Group claimed to have breached Russian ISP Nodex, exfiltrated documents and wiped accessed systems.
In a post to Telegram, the group showed proof of the cyber attack, demonstrating a drop in internet connectivity, as well as screenshots of Nodex’s VMBackup, Veeam Backup and Hewlett Packard Enterprise back end.
“The Russian internet provider Nodex in St. Petersburg was completely looted and wiped,” the Ukrainian Cyber Alliance announced in the post.
“Data exfiltrated, while the empty equipment without backups was left to them.”
ℹ️ Confirmed: Metrics show that connectivity has collapsed on Russian internet operator Nodex, as the company reports a cyberattack from Ukraine resulting in the destruction of its networks; the incident affecting fixed-line and mobile services is ongoing 📉 pic.twitter.com/wY6ZCJV4h3
— NetBlocks (@netblocks) January 7, 2025
Nodex has now confirmed the incident, attributing the attack to Ukraine.
“Dear subscribers! There was a planned attack on the network infrastructure at night (presumably from Ukraine),” the ISP said in a post on VKontakte.
“The network has been destroyed. We are raising it from backup copies. There are no deadlines or forecasts. First, we will raise the telephone and call centre.”
Nodex has since announced that recovery has begun, and its DHCP server has been restored.
“Many people should now have internet access. Please restart your routers,” said the firm.
At the time of writing, Cyber Daily can confirm that the Russian ISP’s website is still inaccessible, displaying a timeout error.
Cyber attacks on communications and critical infrastructure have been ongoing during the war in Ukraine. In December 2023, Russian hackers wiped the systems of Ukraine’s top telco Kyivstar, resulting in service outages.
In response, Ukrainian hacktivists from the Blackjack group breached the Russian M9com telco, deleting roughly 20 terabytes of data, including M9com’s official website, mail server, cyber protection services, the websites of M9com’s branches and more. The attack left a large portion of Moscow’s residents without TV or internet.
The most recent attack also comes as Russia tests the idea of restricting its users to its own sovereign network rather than allowing them to access the global web.
As reported by Gizmodo, Russia’s federal internet regulatory agency Roskomnadzor trialled this last year by restricting global internet access for a day in a number of regions. The restrictions, which applied to largely Muslim-majority areas, prevented even VPN users from accessing servers outside of Russia.
Additionally, in October 2024, Roskomnadzor banned access to Discord in Russia, claiming it violated Russian law by not deleting content it deemed illegal.
“The access to the Discord is being restricted in connection of violation of requirements of Russian laws, compliance with which is required to prevent the use of the messenger for terrorist and extremist services, recruitment of citizens to commit them, for drug sales, and in connection with unlawful information posting,” said Roskomnadzor in a statement shared with Russian state-controlled news agency TASS.