Cyber Threat Actor: Blackjack
| Actor Type | Location | Known Incidents |
Nation State
|
Ukraine
|
1 incident |
|---|
Profile
Blackjack is the alias used by a threat actor group that has been publicly linked to Ukraine’s Security Service. The group’s known location is Ukraine, and it emerged in open reporting through a specific cyber operation conducted in early 2024. Blackjack is not described as a criminal syndicate but rather as an entity acting under state direction, with its activities tied to Ukrainian governmental objectives. The actor’s public profile remains limited to the single incident that has been detailed in available sources, and no further aliases or organizational structure have been disclosed.
In the operation dated January 1 2024, Blackjack targeted a Moscow‑based internet provider, a target within the telecommunications sector located in Russia. The stated purpose of the intrusion was retaliation for a prior Russian cyberattack that had compromised Ukraine’s largest mobile operator, Kyivstar, and the group framed the action as preparation for a larger retaliatory effort. The objective appeared to be disruptive, aiming to delete large volumes of data and interrupt internet services for residents, rather than to pursue financial gain or espionage. The attack resulted in the claimed deletion of twenty terabytes of data and caused service outages, although the group’s assertion that the provider’s website was destroyed could not be independently verified and the site remained accessible.
The tactics observed in this incident involved gaining access to the provider’s network, exfiltrating or destroying data, and causing a noticeable disruption to service availability; no specific malware families, initial‑access vectors, or tooling styles were mentioned in the reporting. Attribution to Blackjack is supported by the explicit connection to Ukraine’s Security Service, indicating a state‑nexus relationship rather than a purely criminal motive. The January 2024 breach represents the only publicly reported campaign attributed to Blackjack, and it serves as the primary example of the group’s focus on disruptive retaliatory actions against Russian infrastructure in the context of ongoing cyber hostilities.
