Ukraine Blackjack hackers take down Moscow ISP in revenge for Kyivstar attack, but apparently they’re just warming up

Russian flag on a laptop
(Image credit: Shutterstock)

In response to the recent takedown of the Ukrainian telecom provider Kyivstar, the Blackjack group has targeted the Moscow based M9 Telecom.

The group claimed that the attack resulted in the total destruction of M9’s servers, website, branch websites, and mail server. All in all, around 20 terabytes of data was apparently deleted.

The Blackjack group said this attack is just a warmup for a later assault, “which will be a serious revenge for Kyivstar.” In the aftermath of the attack, the group also publicly released 10GB of data from M9’s mail servers and their client database.


Reader Offer: Save up to 68% on Aura identity theft protection

Reader Offer: Save up to 68% on Aura identity theft protection
TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal. Save up to 50% today. 

 Preferred partner (What does this mean?) 

 An eye for an eye, and a telecom for a telecom

Last month, the Russian-backed Sandworm group took down Kyivstar services after lingering within its network since as early as May 2023. The attack resulted in a total network outage, causing disruption to communications in the capital and disabling a number of early warning systems in local villages. Last year's attack also prompted Kyiv residents to seek alternative telecom providers, causing network overloads for Lifecell and Vodafone in Ukraine.

The Blackjack group earlier targeted a Russian water utility firm with support from the Security Service of Ukraine (SBU) resulting in the group deleting 6 terabytes of data and stealing an additional 1.5 terabytes.

Russian and Ukrainian groups have been trading blows for a number of years, but cyber activity has increased in parallel with hostilities since the illegal Russian annexation of the Crimean peninsula in 2014. Russia has significant ramped up its cyberwarfare abilities in the wake of the full scale invasion of Ukraine as means of increasing its capacity for hybrid warfare and as practice and testing of its tactics, techniques and procedures (TTP).

As the invasion of Ukraine - dubbed by the Kremlin as a ‘special military operation’ - is set to enter its second year, Russia is expected to step up its cyber campaigns both against the Ukrainian civilian population and Ukraine’s allies as a way to erode support for both the government itself and any further provisions of military aid and funding.

Via SiliconAngle

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict Collins is a Staff Writer at TechRadar Pro covering privacy and security. Before settling into journalism he worked as a Livestream Production Manager, covering games in the National Ice Hockey League for 5 years and contributing heavily to the advancement of livestreaming within the league. Benedict is mainly focused on security issues such as phishing, malware, and cyber criminal activity, but he also likes to draw on his knowledge of geopolitics and international relations to understand the motives and consequences of state-sponsored cyber attacks.


He has a MA in Security, Intelligence and Diplomacy, alongside a BA in Politics with Journalism, both from the University of Buckingham. His masters dissertation, titled 'Arms sales as a foreign policy tool,' argues that the export of weapon systems has been an integral part of the diplomatic toolkit used by the US, Russia and China since 1945. Benedict has also written about NATO's role in the era of hybrid warfare, the influence of interest groups on US foreign policy, and how reputational insecurity can contribute to the misuse of intelligence.


Outside of work Ben follows many sports; most notably ice hockey and rugby. When not running or climbing, Ben can most often be found deep in the shrubbery of a pub garden.