Russian internet provider confirms its network was ‘destroyed’ following attack claimed by Ukrainian hackers


Russian internet provider Nodex reported on Tuesday that its network had been ruined in a cyberattack, which it suspects originated from Ukraine.

In a statement on the Russian social media platform VKontakte, the St. Petersburg-based company said the “planned” attack “destroyed” its infrastructure overnight. Nodex added that it was working to restore systems from backups but could not provide a timeline for when operations would fully resume.

“Our priority is to restore telephony and the call center first,” the company stated.

In an update on Wednesday, Nodex announced that it had restored its DHCP server, which assigns IP addresses and network settings to devices. “Many people should now have internet access. Please restart your routers,” the company advised.

Data from the internet monitoring service NetBlocks shows that Nodex’s connectivity collapsed at midnight on Tuesday, affecting both fixed-line and mobile services.

The Nodex website remains inaccessible, and customers have been complaining about the disrupted services on the company’s official social media page.

A hacker group known as the Ukrainian Cyber Alliance claimed responsibility for the attack on Monday, stating that the company was “completely looted and wiped, and its data exfiltrated.” 

“The empty equipment without backups was left to them,” the hackers added. On their Telegram channel, the group shared screenshots of hacked systems and data they allegedly stole.

The Ukrainian Cyber Alliance is a community of pro-Ukraine cyber activists formed in 2016, and it has targeted Russian entities since Russia invaded Ukraine nearly three years ago. Last October, the group claimed responsibility for knocking out parking enforcement in the Russian city of Tver. The year before, the hackers claimed to have breached Russia’s national card payment system and obtained user data.

The attack on Nodex is one in a series of recent cyber incidents against Russia claimed by a Ukrainian group. Earlier in January, cyber specialists from Ukraine’s military intelligence (HUR) said they attacked the Russian railway system operator, destroying its servers, disabling workstations and wiping backups.

In December, HUR claimed responsibility for the attack on Gazprombank, one of the largest financial institutions in Russia, reportedly causing widespread disruptions and leaving “hundreds of thousands of Russians unable to complete money transfers or online payments.” The targeted companies did not publicly acknowledge the attacks.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
