Russian internet provider confirms its network was ‘destroyed’ following attack claimed by Ukrainian hackers

Russian internet provider Nodex reported on Tuesday that its network had been ruined in a cyberattack, which it suspects originated from Ukraine.

In a statement on the Russian social media platform VKontakte, the St. Petersburg-based company said the “planned” attack “destroyed” its infrastructure overnight. Nodex added that it was working to restore systems from backups but could not provide a timeline for when operations would fully resume.

“Our priority is to restore telephony and the call center first,” the company stated.

In an update on Wednesday, Nodex announced that it had restored its DHCP server, which assigns IP addresses and network settings to devices. “Many people should now have internet access. Please restart your routers,” the company advised.

Data from the internet monitoring service NetBlocks shows that Nodex’s connectivity collapsed at midnight on Tuesday, affecting both fixed-line and mobile services.

The Nodex website remains inaccessible, and customers have been complaining about the disrupted services on the company’s official social media page.

A hacker group known as the Ukrainian Cyber Alliance claimed responsibility for the attack on Monday, stating that the company was “completely looted and wiped, and its data exfiltrated.” 

“The empty equipment without backups was left to them,” the hackers added. On their Telegram channel, the group shared screenshots of hacked systems and data they allegedly stole..

The Ukrainian Cyber Alliance is a community of pro-Ukraine cyber activists formed in 2016, and has targeted Russian entities since it invaded Ukraine nearly three years ago. Last October, the group claimed responsibility for knocking out parking enforcement in the Russian city of Tver. The year before, the hackers claimed to have breached Russia’s national card payment system and obtained user data. 

The attack on Nodex is one in a series of recent cyber incidents against Russia claimed by a Ukrainian group. Earlier in January, cyber specialists from Ukraine’s military intelligence (HUR) said they attacked the Russian railway system operator, destroying its servers, disabling workstations and wiping backups.

In December, HUR claimed responsibility for the attack on Gazprombank, one of the largest financial institutions in Russia, reportedly causing widespread disruptions and leaving “hundreds of thousands of Russians unable to complete money transfers or online payments.” The targeted companies did not publicly acknowledge the attacks.