A hacking group linked to Ukraine’s main spy agency, the SBU, has launched a destructive cyber-attack against a Moscow ISP in retaliation for Russia’s takedown of Kyivstar last month, according to reports.
A source “with direct knowledge of the operation” told Reuters yesterday that the “Blackjack” group deleted 20TB of data at M9 Telecom, leaving some Moscow residents without internet.
The group wrote on its Telegram page that the attack “is just a continuation of the series of warm-up acts of retaliation for the civilian Kyivstar before the grown-up boom.”
It is unclear when the raid occurred. M9 Telecom’s website at least appears to be functioning, despite the hackers claiming “Moscow internet provider ‘M9com’ with all its data and backups was retired without much difficulty for us.”
It’s also unclear if or when the promised major attack in retaliation for Kyivstar will come. That Russian operation, carried out by the notorious state-backed Sandworm group, led to thousands of virtual servers and PCs being wiped at the country’s largest mobile operator, causing “disastrous” destruction.
In what is claimed to be the most destructive attack since Russia’s invasion, Sandworm was able to dwell without discovery inside Kyivstar’s networks for months before the attack, Reuters claimed.
Chris Anthony, a US military intelligence veteran and current CEO of TeamWorx Security, argued that organizations are still struggling to identify living-off-the-land (LOTL) techniques that enable hackers to stay hidden.
“The threat of LOTLs lies in their legitimate appearance and versatile nature, which make them a stealthy and effective tool for attackers,” he added.
“Awareness and monitoring of the usage of these tools are essential in a comprehensive cybersecurity strategy. Defending against known and unknown threats requires shared awareness, collaboration, transparent system knowledge and auditing, monitoring and user training.”
In better news for Ukraine, the country’s main military intelligence directorate (GRU) claimed on Monday that it had received 100GB of classified data from Russian firm Special Technology Center (STC).
The sanctioned firm produces Orlan drones and other intelligence equipment for the Russian military.