Ukrainian hacktivists from the Ukrainian Cyber Alliance group claimed responsibility for breaching the Russian internet service provider Nodex, based in St. Petersburg. The attack led to the exfiltration of sensitive documents, and the hackers wiped the affected systems, leaving behind empty equipment without backups. The breach was confirmed by Nodex, which acknowledged the destruction of its network and described the attack as originating from Ukraine. Screenshots of the hacked VMware, Veeam backup, and Hewlett Packard Enterprise infrastructure were shared by the hacktivists, showcasing the scope of their intrusion.
Nodex’s official response outlined the severity of the attack, stating that its network had been destroyed and that efforts to restore services from backups were underway. The company prioritized restoring telephony and call center services but did not provide a clear timeline for full recovery. Internet monitoring organization NetBlocks also reported that Nodex’s fixed-line and mobile services had collapsed after the attack. Although the ISP struggled with the recovery process, updates indicated gradual restoration, with key infrastructure components such as the network core and DHCP server being brought online.
The Ukrainian Cyber Alliance, which has been active since 2016, is known for conducting cyberattacks against Russian entities as part of its efforts to defend Ukraine against Russian cyber aggression. The group consists of various hacker factions, including FalconsFlame, Trinity, RUH8, and CyberHunta, and has claimed responsibility for many high-profile breaches in Russia. Notable attacks attributed to the alliance include breaches of Russian military institutions, government bodies, and even high-level individuals, further escalating the ongoing cyber conflict between the two nations.
In addition to the attack on Nodex, the Ukrainian Cyber Alliance made headlines in October 2023 by hacking the Trigona ransomware gang’s servers, wiping them clean, and stealing valuable data such as source code, database records, and cryptocurrency wallets. This action reflects the growing trend of cyber activism, where hacktivists target critical infrastructure and criminal organizations as part of broader geopolitical and ideological battles. The attack on Nodex is a reminder of the intensity of cyber warfare and the evolving tactics used by hacktivist groups in the ongoing conflict.