This article discusses a recent cyber-attack carried out by the hacking group known as “Blackjack” in retaliation for Russia’s takedown of a Ukrainian telecom provider. The attack targeted M9 Telecom [6], a Moscow-based ISP [1] [4] [5], resulting in significant data loss and service disruption. This incident is part of an ongoing pattern of cyber retaliation between Ukraine and Russia.

Description

In a recent act of retaliation, the hacking group known as “Blackjack,” believed to be associated with Ukraine’s Security Service (SBU) [1], launched a cyber-attack against M9 Telecom [5], a Moscow-based ISP [1] [4] [5]. This attack was in response to Russia’s takedown of Kyivstar, a Ukrainian telecom provider [4] [6]. The group successfully deleted approximately 20 terabytes of data, resulting in the destruction of M9 Telecom’s servers [4] [6], website [1] [3] [4] [5] [6], branch websites [3] [4], and mail server [3] [4]. As a result, some Moscow residents were left without internet access [5]. The attack is seen as a continuation of previous acts of retaliation [5].

The Blackjack group has claimed that this attack was just a warm-up for a more serious assault to come [4]. They have also publicly released 10GB of data from M9 Telecom’s mail servers and client database [4]. The specific date of the attack is unknown, but M9 Telecom’s website is still functioning [5]. The group has confidently stated that they were able to retire the ISP and its data without difficulty.

This attack highlights the ongoing struggle for organizations to identify the techniques used by hackers to stay hidden. The Sandworm group [5], responsible for the takedown of Kyivstar, was able to dwell undetected in Kyivstar’s networks for months before launching the attack. As a result, the anticipated major attack promised by Sandworm in retaliation for Kyivstar’s takedown remains uncertain.

In more positive news for Ukraine, its military intelligence directorate has claimed to have received classified data from a Russian firm [5].

The incident involving Blackjack’s cyberattack on M9 Telecom is part of a larger pattern of cyber retaliation between Ukraine and Russia. The attack targeted M9 Telecom [6], a Moscow-based ISP [1] [4] [5], and resulted in the destruction of the provider’s servers and the deletion of 20 terabytes of data [6]. The hackers also stole data from M9 Telecom’s mail servers and client databases [6]. This attack follows a previous cyberattack by Blackjack on a Russian water utility company [6]. The attack on Ukraine’s telecom provider last month caused widespread service disruption [6], and experts predict that more destructive cyberattacks will occur in the future [6].

The incident highlights the need for continuous monitoring [6], threat hunting [6], and robust cybersecurity measures to detect and mitigate advanced persistent threats [6]. Organizations must also consider the technical and geopolitical implications of cyberthreats [6]. The SBU’s cyber chief warned that Russia’s compromise of Kyivstar should serve as a warning to Western countries about sophisticated Russian cyber threats [2].

Conclusion

The cyber-attack on M9 Telecom by the Blackjack group has had significant impacts, including the destruction of servers [4], data loss, and service disruption for Moscow residents. This incident is part of an ongoing cycle of cyber retaliation between Ukraine and Russia, with both sides engaging in offensive cyber operations. The incident underscores the need for organizations to enhance their cybersecurity measures, including continuous monitoring and threat hunting [6], to detect and mitigate advanced persistent threats [6]. Additionally, the technical and geopolitical implications of cyber threats must be carefully considered. As experts predict more destructive cyberattacks in the future [6], it is crucial for Western countries to take note of the sophisticated Russian cyber threats highlighted by the compromise of Kyivstar.

References

[1] https://news.yahoo.com/hackers-hit-moscow-internet-provider-142312174.html
[2] https://www.darkreading.com/ics-ot-security/ukraine-claims-revenge-hack-against-moscow-internet-provider
[3] https://www.ukrinform.net/rubric-ato/3810972-ukrainian-hackers-leave-part-of-moscow-without-internet-access-source.html
[4] https://www.techradar.com/pro/ukraine-blackjack-hackers-take-down-moscow-isp-in-revenge-for-kyivstar-attack-but-apparently-theyre-just-warming-up
[5] https://www.infosecurity-magazine.com/news/ukrainian-blackjack-hackers/
[6] https://siliconangle.com/2024/01/09/blackjack-hackers-target-moscow-isp-retaliation-kyivstar-cyberattack/