Hackers linked to Ukraine’s main spy agency have breached computer systems at a Moscow-based internet provider in retaliation for a Russian cyber attack against Ukrainian telecom giant Kyivstar, a source with direct knowledge of the operation told Reuters on Tuesday.

The hacking group, dubbed “Blackjack”, has previously been linked to the Security Service of Ukraine (SBU). The hackers deleted 20 terrabytes of data at M9 Telecom, a small Russian internet and TV provider, leaving some Moscow residents without internet, the source said.

The digital intrusion was a warm-up for a larger cyber attack which would be “serious revenge for Kyivstar”, the source said, citing the hackers. The source did not say when the hack took place.

Archive

  • @bitwaba
    link
    7
    edit-2
    10 months ago

    small Russian internet and TV provuser

    Lol. M9 is the peering facility in Moscow, a former telephone exchange, which housed tons of KGB monitoring equipment as well which transitioned to the FSB after the iron curtain fell. At one point it was said that 70% of Russia’s internet ran through that building. M9 is the original Moscow Internet exchange, MSK-IX , IX being industry terminology for Internet exchange (similar to PAIX for Palo Alto Internet Exchange, and Equinix the data center provider) but is also a clever use of IX as the roman numeral 9 hence M9/MSK-IX. MSK-IX the company also has Internet exchanges in another half doezen or so Russian cities.

    20T is a lot of data depending on what it is (text records on activists/spies/war targets?) and M9 is not a small ISP.

    • andrew_bidlaw
      link
      fedilink
      310 months ago

      Are M9 Telecom and MSCIX connected? I’ve googled around and thought they are different companies. There’s not much info on M9T besides a simple landing suggesting internet\ipTV services, and MSC9 page is about a full-fledged data center used by many. I thought the breach of MSC9 could bring way more problems, more than Kiyvstar. I think they are confused due to their names.

      • @bitwaba
        link
        310 months ago

        It’s probably lost in translation. From everything I’ve known about visiting the site (physically, not the website), M9 is the name of the building/facility itself.

        https://app.dcbyte.com/listing/rostelecom-data-centers-m9

        There is no M9 telecom that I can find reference to other than the news articles talking about this recent hack event. [I take that back. Using the internet archive I was able to see their site m9com.ru. Looks like they are a home user ISP, but I can’t find their AS number so I dont know much else about them, or why them being targeted for an attack would be a big deal other than the “spooky hacker stuff” headline.]. The M9 building houses many network and server spaces owned by lots of different Russian ISPs. I guess M9 Telecom could be one of them.

        https://www.peeringdb.com/fac/152

        • andrew_bidlaw
          link
          fedilink
          110 months ago

          Thought about that too initially. And I think I’d have a harder time sending that message if that happened. Nevertheless, our gov servives are very slow rn and I don’t know if it’s their failure or someone’s feat. With everything I had from federal companies, I’m first to accept the first variant.