On January 8, 2025, a significant cyber incident unfolded as the Russian internet service provider (ISP) Nodex confirmed that its network had been “destroyed” following a coordinated attack by Ukrainian hacktivists from the Ukrainian Cyber Alliance. This breach involved not only the theft of sensitive documents but also the complete wiping of critical systems, leaving Nodex with empty equipment and no backups.

Details of the attack

The Ukrainian Cyber Alliance, which has been active since 2016, announced via Telegram that they had successfully infiltrated Nodex’s infrastructure based in St. Petersburg. They claimed to have exfiltrated data and shared screenshots showcasing their access to Nodex’s VMware, Veeam backup systems, and Hewlett Packard Enterprise virtual infrastructure. This level of access indicates a sophisticated operation aimed at crippling the ISP’s capabilities. In a post on VKontakte, Nodex acknowledged the attack, stating, “Dear subscribers! Last night, an attack was carried out on our infra (presumably from Ukraine). The network has been destroyed. We are restoring it from backups.” The ISP reported that it was prioritizing the restoration of telephony services and its call center but did not provide a specific timeline for full recovery.

Impact on services

The repercussions of this cyberattack were immediate and severe. Internet monitoring organization NetBlocks observed a collapse in both fixed-line and mobile connectivity across Nodex’s network around midnight following the attack. As of now, Nodex’s website remains down, and the ISP continues to work on restoring its systems. However, updates from Nodex indicate some progress; they reported that the core network has been restored and that engineers are actively resetting switches. By mid-afternoon, they announced that a DHCP server was back online, allowing many customers to regain internet access by simply rebooting their routers.

Background on the Ukrainian Cyber Alliance

The Ukrainian Cyber Alliance is a coalition of various hacker groups formed to defend Ukraine against cyber threats stemming from Russian aggression. Since its inception, the group has claimed responsibility for numerous high-profile breaches affecting Russian organizations, including government entities and military institutions. Notably, in October 2023, they successfully hacked and wiped servers belonging to the Trigona ransomware gang.
