iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Ukrainian hacktivists have taken revenge on Russia for its attack on the Kyivstar with a telco attack of their own.
According to law enforcement sources speaking with Ukrainian media, a Ukraine-based hacking group attacked Russian internet provider M9com.
“Hackers from the Blackjack group, who are likely related to the SBU [Security Service of Ukraine], hacked the Moscow-based internet service provider M9com and destroyed its servers,” the source told Ukrinform.
The source added that the hackers deleted roughly 20 terabytes of data, including M9com’s official website, mail server, cyber protection services, the websites of M9com’s branches and more, the result of which left a large portion of Moscow’s residents without TV or internet.
Cyber Daily has since observed that M9com’s website is back online.
On top of the deleted data, the hackers exfiltrated over 10 gigabytes of data and made them publicly accessible via TOR. The data was stolen from M9com’s client databases and mail server.
According to the source, the attack on M9com was simply a “warm-up attack” and that more would come as part of its “serious revenge for Kyivstar”.
The Russian attack on Kyivstar occurred on 12 December last year and resulted in Kyivstar’s over 25 million customer base, which is over half the country’s population, being without mobile and home internet services. The outages lasted roughly five days.
Later reports found that the attack on Kyivstar resulted in thousands of the telco’s computers and servers being wiped.
The attack was claimed on Kyivstar was claimed by the Russian Solntsepek hacking group.
“We, the Solntsepek hackers, take full responsibility for the cyber attack on Kyivstar. We destroyed 10 thousand computers, more than 4 thousand servers, all cloud storage and backup systems,” said the group on Telegram.
“We attacked Kyivstar because the company provides communications to the Armed Forces of Ukraine, as well as government agencies and law enforcement agencies of Ukraine.”
The group is believed to be connected to the Sandworm Russian military hacking group.
Researchers at cyber security firm CrowdStrike believe that a Russian GRU adversary could have been responsible for the breach.
“CrowdStrike Counter Adversary Operations assesses with moderate confidence that the tradecraft in the attack against Kyivstar is likely attributable to Russian GRU adversary Voodoo Bear, operating under pro-Russian hacktivist persona Solntsepek,” said Adam Meyers, head of counter adversary operations at CrowdStrike.
“Reports around the destruction of Kyivstar’s virtual infrastructure coincide with reports of air raid sirens in Kiev malfunctioning, as well as payment terminals and multiple banks suffering disruption, and issues reported with payment for public transportation.”
Be the first to hear the latest developments in the cyber industry.
