Cyberattack on Russian port operator aimed to disrupt coal, fertilizer shipments

Russian port operator Port Alliance said it was in its third day of disruptions due to a cyberattack “from abroad” that targeted key parts of its digital infrastructure — the latest in a series of incidents affecting critical facilities amid the war between Russia and Ukraine.

In a statement on Thursday, the company said the attackers launched a distributed denial-of-service (DDoS) assault and attempted to breach its networks. The goal, Port Alliance claimed, was to “destabilize operations and disrupt business processes” tied to exports of coal and mineral fertilizers through its seaports in the Baltic, Azov–Black Sea, Far Eastern and Arctic regions.

Despite the scale and intensity of the attack, the company said its terminals and related facilities continued to operate normally. “All key systems remain operational, and port and terminal business processes have not been affected,” it said.

According to Port Alliance, the hackers used a botnet of more than 15,000 unique IP addresses from around the world — including some within Russia — and continuously changed tactics to evade security defenses.

Port Alliance operates six maritime terminals along key transport routes, with an annual cargo turnover of coal and mineral fertilizers exceeding 50 million tonnes.

The company did not attribute the attack to a specific hacker group.

Cyberattacks on transport and logistics networks have intensified since Russia’s invasion of Ukraine in 2022, with both Russian and Ukrainian hackers frequently using DDoS attacks to disrupt infrastructure on either side.

On Thursday, Ukraine’s WOG gas station chain reported a large-scale cyberattack that temporarily disrupted its online services. Access was restored later that evening, though the company did not provide further details.

Allied nations have also faced digital threats. Earlier this week, websites belonging to the Danish government and several defense companies were briefly taken offline in a DDoS attack that Danish authorities said likely originated in Russia. The pro-Russian group NoName057 claimed responsibility for the attacks, though the authenticity of those claims is difficult to verify.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
