Moscow Internet Provider Breached

Moscow Internet Provider Targeted in Response to Kyivstar Cyber Attack

Moscow Internet Provider Cyber Attacked

In response to a cyber attack by Russian threat actors on Kyivstar, a Ukrainian telecom giant, the Moscow internet provider M9 Telecom was breached by Ukrainian hackers named “Blackjack”. The hackers claimed to have breached M9 Telecom, a Moscow internet provider and telecom giant, impacting its computer systems and disrupting local internet services.

The hacking group, dubbed “Blackjack,” was previously linked to the Security Service of Ukraine (SBU). Several Moscow residents were left without internet after the hackers deleted 20 terabytes of data from M9 Telecom, a small Moscow internet provider that offers telecom, internet and TV services.

Who are Blackjack Threat Actors?

Blackjack is a sophisticated cyber-espionage group that operates primarily against organizations in the financial and government sectors. It is considered to be linked to Ukrainian intelligence services and is known for its advanced techniques, stealth operations, and targeted attacks. Some of the most well-known Blackjack cyber attacks in 2023 include:

1. Banking Trojan: Blackjack was a bank-targeting trojan that injected malicious code into the banks’ computers, disrupting their usual function and costing the institutions millions.

2. Intellectual property theft: Blackjack was also involved in a targeted intellectual property theft campaign. The actors successfully compromised multiple organisations’ networks and exfiltrated sensitive data and intellectual property, such as trade secrets and information related to research and development.

3. Data Breaches: Blackjack was behind the compromises of various government agencies, banks and multinational corporations that were hacked as part of a series of high-profile data breaches in 2023. Millions of sensitive customer records and financial transactions, as well as plans and other valuable data, were accidentally leaked through these breaches.

4. Supply chain attacks: Blackjack mastered the art of supply chain attacks. Compromising the security of innocent suppliers and vendors, it implanted malicious payloads in code components hosted on software supply chain infrastructure. In this manner, it managed to propagate outwardly and compromise ever-more nodes in the network, causing larger scale destruction and disruption.

5. DDoS Attacks: Blackjack also waged DDoS attacks against unsuspecting organisations. These distributed denial-of-service attacks try to disrupt a network with excessive amounts of traffic and data. The goal is to make the targeted organisation’s website unreachable. This keeps legitimate users from accessing the victim’s network while also preventing the victim from taking any action against Blackjack’s other attacks.

KyivStar Cyber Attack Explained

In 2023, the Ukrainian telecommunications company Kyivstar experienced a major cyber attack. The attack was carried out by the Russian threat actors that are currently trying to take over the government of Ukraine. Our team of experts is proficient in cybersecurity and the intricacies of the Ukrainian crisis.

A leading telecommunications operator in Ukraine, Kyivstar serves millions of customers in the country with mobile telephony, high-speed internet, and data transmission. An attack on Kyivstar would therefore have significant implications not only for the company but also for the Ukrainian economy. The Kyivstar cyber attack capitalised on a vulnerability in the company’s network infrastructure, which Russian threat actors exploited to gain unauthorised control of its systems and sabotage services. The attackers also stole sensitive data that could have been exploited to compromise customer security and privacy.

The Kyivstar cyber attack brought real and immediate harms. It disrupted the company’s business operations. For nearly 24 hours, mobile and internet networks in Ukraine were disrupted, with customers unable to make calls, access the internet, or use their devices. The confidentiality and integrity of customers’ data were also breached, raising the risk of theft and potentially identity fraud. Forensics experts determined that the Russians were behind the attack. Based on technical indicators, such as the tactics, techniques and procedures (TTPs) used, it is almost certain that the attack was performed by the Russian threat actors.

Together with the forensic evidence suggesting deliberate interference with the Viasat systems, the official attribution confirmed the connivance of the Russian state in covert cyber espionage and intelligence operations against Ukraine, although this evidence did not serve as definitive proof.

More About the M9 Telecom Cyber Attack

According to Kyiv Independent’s tweet, “Ukrainian hackers hit Russian internet provider, claim they are preparing ‘revenge for Kyivstar.'”

The same news was picked up by cybertechwiz, which stated that the Moscow internet provider, also known as M9 Telecom, suffered a retaliation attack from Ukrainian-based hackers.

M9 Telecom did not respond to an email from Reuters seeking comment. Meanwhile, the hackers claimed to have destroyed the company’s website on Tuesday; however, it remained online.

As of this writing, it has not yet been validated whether the hack was successful. Kyivstar, Ukraine’s largest mobile network operator, was taken offline by Russian spies last month in one of the largest cyber attacks since Moscow launched its war on Ukraine in February 2022.

Recent reports noted that Russian hackers had been inside Kyivstar’s systems months before the attack.

According to a Reuters report, “Ukraine’s military intelligence agency, the GUR, said late on Monday that it had received a large cache of classified Russian military data from the Special Technology Centre (STC), a sanctioned Russian company which produces the Orlan drone and a range of intelligence equipment for Moscow.”

Cyber attacks have recently been increasing at an enormous pace, and a similar trend is expected to continue in 2024. The recent cyber attacks on the oil and gas industry, the healthcare industry, automobile companies, intelligence services, utilities, and government agencies are a warning to stay more cautious and take preventive measures to stay protected from such cyber threats in 2024.
