Menu
Browse

Cyber Threat Actor: OneFist

Actor Type Location Known Incidents
 Icon
Activist
Ukraine
1 incident
Profile

OneFist is a pro-Ukraine hacker group operating amid the Russia-Ukraine conflict, publicly linked to disruptive cyber operations targeting Russian infrastructure. The group exploited a critical misconfiguration in the customer relationship management (CRM) system of Gonets, a Russian low Earth orbit satellite communications network, gaining unauthorized access as legitimate users in September 2022. Their operation focused on disabling the satellite network’s functionality by deleting its CRM database, which contained 97 client accounts—including regional offices of Russia’s Federal Security Service (FSB) and entities related to missile or space technology. This action prevented the system from authenticating or billing users, effectively disrupting messaging services for commercial and governmental clients. OneFist members highlighted systemic security failures in Russian networks, noting the exposed CRM database lacked firewalls or basic protections, calling such negligence indicative of broader cybersecurity deficiencies.

The group’s targeting aligns with sectors supporting Russian state or military operations, particularly critical infrastructure like satellite communications. Their strategic objective centers on disruption rather than financial gain or espionage, aiming to degrade operational capabilities of Russian systems. OneFist employed opportunistic initial access vectors, leveraging misconfigured internet-exposed systems without deploying custom malware. The Gonets breach exemplified their operational style: identifying publicly accessible, poorly secured assets and exploiting design flaws to maximize impact. The group claims affiliation with Ukraine’s IT Army, a loosely coordinated hacktivist collective, though no direct state nexus is explicitly confirmed. Their activities reflect broader efforts by Ukraine-aligned cyber groups to target Russian entities during the conflict, emphasizing publicly reported security flaws to undermine perceived institutional resilience.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
1 source