Nodex, an internet service provider (ISP) based in St. Petersburg, Russia, has confirmed its network was destroyed by an operation conducted by a group of pro-Ukraine hackers known as the Ukrainian Cyber Alliance (UCA).
The UCA had announced that it had ‘looted and wiped’ Nodex’s systems, leaving the company with only empty equipment. The group also posted screenshots of Nodex’s virtual backup infrastructure to show that it had been breached as well.
In its original notice about the attack, Nodex said it was attempting to restore its services from backups but gave no estimate of when this would be completed. Shortly afterward, Nodex announced that it had restored enough servers for most customers to regain internet access.
Source: Bleeping Computer
Analysis
This sort of destructive cyberattack on critical infrastructure is to be expected given the ongoing conflict between Russia and Ukraine. Attacks on each country’s critical infrastructure have been attributed to the other. For example, in the days leading up to its invasion of Ukraine, Russia launched wiper attacks on Ukrainian networks with the intent of creating chaos and instilling fear in Ukraine’s populace.
Some attacks have been conducted directly by the countries’ intelligence services. Others, such as the Nodex attack, have been conducted by proxy groups such as the UCA. These proxy groups are likely sponsored, if not directly tasked, by their respective country’s intelligence services. By using proxies, both Russia and Ukraine can pursue their strategic objectives while maintaining a degree of plausible deniability, claiming that the groups are not under their control.
While UCA’s attack may not have crippled Nodex for as long as the group had hoped, the group could still derive valuable intelligence from the data it exfiltrated. This could include phone numbers associated with military personnel, IP addresses associated with military infrastructure, and the financial and personal information of Nodex’s customers. All of this information would be extremely useful to the Ukrainian government in its efforts to defend its sovereignty.
Mitigation
Field Effect’s team of Security Intelligence professionals constantly monitors the cyber threat landscape for threats that emerge in relation to Russia’s invasion of Ukraine. This research contributes to the timely deployment of signatures into Field Effect MDR to detect and mitigate the risk these threats pose.
Field Effect MDR users are automatically notified when malicious activity of this kind is detected in their environment and are encouraged to review the resulting AROs as quickly as possible via the Field Effect Portal.