Hackers knock out systems at Moscow-run postal operator in occupied Ukraine

A Russian state-owned postal operator in occupied eastern Ukraine said Monday its systems were disrupted by “external interference” after a pro-Ukraine hacktivist group claimed it had wiped thousands of the company’s devices.

Donbas Post, which operates in the Russian-controlled parts of Donetsk and Luhansk, said the incident affected its corporate network, web platform and email systems. The company had restricted access to several services to contain the breach and was working to restore operations.

The statement came after the Ukrainian Cyber Alliance (UCA) said Friday it had carried out the attack, claiming that more than 1,000 workstations, around 100 virtual machines and “several dozen terabytes” of data were destroyed. The group also published screenshots it said were taken from Donbas Post’s internal systems.

The disruption coincided with a reported Ukrainian drone strike on energy infrastructure in the occupied region last week, which authorities claimed left half a million people without power. Donbas Post said it had suspended work at postal branches and its call center due to the power outages. It is unclear whether the cyberattack and the drone strike were coordinated or simply occurred at the same time.

UCA, a network of pro-Ukrainian cyber activists formed in 2016, has stepped up operations since Russia’s full-scale invasion in 2022. The group has previously claimed attacks on Russian financial firms, internet providers and municipal systems, including incidents affecting microfinance company CarMoney, telecom operator Nodex and parking operations.

Russian-occupied areas of Ukraine have become frequent targets for hacktivist groups and state-backed cyber actors. In 2023, researchers at Russia’s Kaspersky Lab said they had identified a new malware strain used for surveillance of government agencies and agriculture and transport organizations in the Donetsk, Luhansk and Crimea regions, which Moscow seized in 2014. The Cloud Atlas cyber-espionage group has also been observed targeting high-profile entities in the occupied territories.