Cyber Threat Actor: BO Team
| Actor Type | Location | Known Incidents |
Activist
|
Ukraine
|
9 incidents |
|---|
Profile
BOTeam is a Ukrainian hacktivist group that has been identified by its alias and is known to operate from Ukraine. The group’s public activities have focused on disrupting telecommunications infrastructure in Russia and occupied Crimea, specifically targeting internet service providers. In late December 2025 BO Team claimed responsibility for wiping the network routers of the Russian ISP Kraft‑S, which caused extended connectivity disruptions for its customers, and for a similar attack on the Crimean ISP SimStar that resulted in prolonged outages for users. These actions were described as part of a coordinated campaign that employed the same destructive technique against multiple providers to degrade service availability. The stated effect of the attacks was to interrupt internet access, indicating a strategic objective centered on disruption rather than financial gain or espionage. No public sources attribute to BO Team any motives beyond causing connectivity interruptions, and the group’s activities are consistently framed as hacktivist actions aimed at affecting adversary communications.
The primary tactic observed in BO Team’s operations is the wiping or destruction of network routers, a method that directly impairs the ability of affected systems to route traffic and maintain service. No specific malware families, initial access vectors, or tooling details have been disclosed in the available reporting, so the group’s technical profile is limited to this destructive impact on hardware. Attribution to BO Team rests on the group’s own claims regarding the router‑wiping incidents, while other cyber operations described in the source material are linked to Ukrainian military intelligence rather than to this hacktivist collective. Consequently, BO Team’s known affiliation remains that of an independent Ukrainian hacktivist group without explicit state sponsorship indicated in the provided information. The New Year’s Eve 2025 attacks on Kraft‑S and SimStar serve as the most concrete examples of the group’s capability and focus, illustrating a pattern of targeting critical communications nodes to achieve disruptive outcomes.
