The pro-Ukraine hacktivist group from the Ukrainian Cyber Alliance claimed last week that they had compromised and deleted the infected servers of the Russian internet service provider Nodex.
The hackers announced the attack on Telegram and revealed that they had emptied the St. Petersburg-based ISP’s equipment and backups. To prove the legitimacy of its claims, the attackers have also provided pictures of the Russian ISP’s VMware, Veeam backup, and Hewlett Packard Enterprise virtual infrastructure, which they infiltrated during the cybersecurity breach.
Nodex confirms the allegations made by the Ukrainian hacking group.
Nodex verified the Ukrainian Cyber Alliance’s accusations earlier this week. Hence, it warned its customers in a public post that its “network is destroyed” due to what it described as a planned attack that most likely originated in Ukraine.
The post discussed the affected entity’s compromised infrastructure status. The ISP explained that the attackers destroyed its networks but are trying to restore them through backups.
However, they do not have a clear timeline for fixing their servers since their first objective is to restore the telephone service and the call centre.
Furthermore, a Russian internet monitoring organisation reported the fixed-line and mobile service connectivity collapsing on Nodex’s network this week following the ISP’s acknowledgement of a hack.
The initial report of this incident is when a researcher noticed that Nodex’s website remained down, and that the Russian Internet provider was still working to restore infrastructure.
Since then, the ISP has provided more updates on the restoration process, informing subscribers that the network core has been restored and that its engineers are working to reset switches. The Russian internet provider also announced later that they had brought online a DHCP server and that Internet access should now be available to many users.
The Ukrainian Cyber Alliance has been active since 2016 when several hackers and hacker organisations teamed up to defend their country from Russian cyber warfare and registered as an NGO.
The back-and-forth of cyberattacks between the two countries will likely continue as long as the geopolitical conflict persists. Still, the ordinary people of both nations are most affected by these activities as they suffer from the ongoing war.