Pro-Ukraine hackers claim breach of Russian internet provider

The pro-Ukrainian hacker group Blackjack is claiming that it breached a Moscow internet provider to seek revenge for a Russian cyberattack on Ukraine’s largest telecom company, Kyivstar.

The attack on M9com was carried out in cooperation with Ukraine’s security forces (SBU), said a source in Ukraine’s law enforcement agency who requested anonymity because he is not authorized to speak publicly about the incident.

There isn't much information available about the attack or the SBU's role in the operation. The hackers said Monday on their Telegram channel that they will reveal more details soon. So far, the only confirmation of the incident they have provided consists of screenshots of the internet provider's allegedly hacked systems.

The group also published some of the data obtained during the hack on a darknet site accessible via the Tor browser.

The time frame of the attack on M9com is unclear, but as of the time of writing, the allegedly hacked website is up and running. There has been no mention of the operator’s shutdown in the Russian media or on its official website. The company has not replied to requests for comment.

This is not the first time Ukrainian civilian hackers have allegedly cooperated with security services to attack Russian organizations. In an incident publicized in October, two groups of pro-Ukrainian hackers and the SBU claimed to have breached Russia's largest private bank, Alfa-Bank.

The disclosure of the M9com hack closely resembles how information was shared in the Alfa-Bank incident: First, pro-Ukrainian hackers claimed they acquired troves of data, released a portion of it, and then a source within Ukraine's security service confirmed the SBU's involvement in the operation without providing additional details.

Earlier this week, attackers involved in the Alfa-Bank hack released all the data of 30 million bank customers, which they reportedly obtained during the operation.

Alfa-Bank denied reports of a data leak and called the published data, which includes phone and banking card numbers, “a compilation from various sources.”

Russian cybersecurity expert Oleg Shakirov discovered that some of his acquaintances were included in the data breach. He verified that the leak included authentic Alfa-Bank card numbers, with most of the cards having the last digit replaced with 0. Additionally, in some instances, the leak displayed incorrect expiration dates. Shakirov also noted that the compromised data included accurate contact information and dates of birth.

Earlier this week, Ukraine’s military intelligence agency (GUR) claimed to have seized 100 gigabytes of classified data worth around $1.5 billion from a Russian military equipment manufacturer.

This company produces Orlan reconnaissance drones, electronic warfare systems, and other equipment used by the Russian military during the war in Ukraine.

GUR stated that they were able to gain access to this information with the help of “patriotic representatives of civil society and the media community,” but didn’t elaborate on what they meant.

Such public claims about the hacks from both Ukraine and Russia have become more common recently, but in most cases, they are hard to independently verify.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.