Ukrainian hackers claim attack on Russian scientific research center

Pro-Ukraine hackers have reportedly breached a Russian scientific research center, Ukraine's defense intelligence directorate (GUR) said.

According to GUR’s report on Wednesday, the hacker group called “BO Team” attacked the State Research Center on Space Hydrometeorology, also known as “Planeta,” and destroyed its database and valuable equipment.

Planeta is a Russian state enterprise that receives and processes data from 11 domestic and 23 foreign Earth observation satellites, according to its website. This data is then used by other Russian state entities.

Ukraine's intelligence claimed that hackers attacked the eastern branch of the organization, described as “the largest of the three.” The agency hasn’t responded to a request for a comment to confirm the attack.

The hackers claimed to have destroyed 280 servers and two petabytes of information, including weather and satellite data, as well as “unique research.”

“The work of supercomputers — each worth $350,000 — was paralyzed and cannot be fully restored,” the hackers claimed.

The lost data could cost Russia at least $10 million, according to GUR. However, both this claim and the attack itself are impossible to verify independently.

The cyberattack also allegedly disabled the station's air conditioning and humidification systems, as well as the regulation of the emergency power supply. The hackers also claimed to have cut off the internet at a Russian Arctic station, which carries out “important tasks for the military."

“Dozens of strategic Russian companies, which work for defense and play a key role in supporting the Russian occupation forces, will remain without critically important information and services for a long time,” GUR said.

Ukraine’s cyberattacks on Russia

Ukraine’s intelligence agency didn’t mention if it was involved in the attack on Planeta, and if it was not, it is unclear why it publicly reported on it.

This is the second such report this week following confirmation of an attack reportedly carried out by the IT Army of Ukraine on the Russian telecom company Akado, which provides internet services to state companies.

Hackers from the IT Army said that it’s the third time they have targeted Akado’s systems with a distributed denial-of-service (DDoS) attack.

In December, Ukraine’s military spies said they infected thousands of servers belonging to Russia's state tax service with malware and destroyed its databases and backups. The attack led to the “complete destruction” of the agency’s infrastructure, according to GUR’s statement.

In November, the agency acknowledged that it was behind "a successful cyber operation" against the Russian government's civil aviation agency, also known as Rosaviatsia. It was the first time that Ukraine’s government had taken responsibility for a cyber operation against a Russian target.

One problem with these public acknowledgments is that they don’t provide concrete evidence to show that the operation indeed happened, and the attacked companies never respond to such claims, or they simply deny the attacks. There’s currently no public evidence that the civil aviation agency was disrupted by hackers.

However, the attacks don’t go completely unnoticed by the Kremlin.

For example, after Ukrainian security services claimed that they cooperated with hackers to breach Russia's largest private bank, Alfa-Bank, the bank denied the attack and stated that the leaked data was fake.

But a Russian security researcher later discovered that some of his acquaintances were included in the data breach, and he was able to verify that the leak included authentic Alfa-Bank card numbers, contact information, and dates of birth.

Earlier this week, the Russian state-owned news agency reported that the Russian internet regulator, Roskomnadzor, is currently investigating Alfa-Bank’s possible data breach.