Ukrainian hacktivists from the Ukrainian Cyber Alliance (UCA) have claimed responsibility for a devastating cyberattack on Russian internet service provider Nodex.
The group announced they had infiltrated Nodex’s network, stolen sensitive data, and wiped its systems, leaving the company without backups. Screenshots shared by the hackers showed compromised VMware, Veeam backup, and Hewlett Packard Enterprise infrastructure.
Nodex confirmed the attack in a VKontakte post, describing it as a planned breach likely originating from Ukraine. “The network has been destroyed. We are restoring it from backups,” the company said. However, as of Tuesday, the ISP had no clear timeline for full recovery. Some services have been partially restored, but disruptions continue to affect many customers.
The attack, which led to widespread connectivity issues across Nodex’s fixed-line and mobile services, was also observed by internet monitoring organization NetBlocks. Engineers at Nodex have since restored the network core and a DHCP server, allowing some users to regain internet access.
The Ukrainian Cyber Alliance has been active since 2016, targeting Russian organizations to counter perceived aggression. Previous operations have included breaches of the Russian Ministry of Defense, media outlets, and ransomware groups. This latest attack on Nodex adds to their list of high-profile actions, emphasizing the escalating role of cyberwarfare in the ongoing conflict.
