Cyber Incident Victim: M9 Telecom
Date:
Jan 2024
Location:
Russia
Summary
Hackers associated with Ukraine's Security Service breached a Moscow-based internet provider, deleting 20 terabytes of data and disrupting internet services for some residents, in retaliation for a prior Russian cyberattack targeting Ukraine's largest mobile operator. The group, identified as Blackjack, described the intrusion as preparation for a larger retaliatory operation following the destructive attack on Kyivstar, which Russian actors had infiltrated for months. While the hackers claimed to have destroyed the provider's website, it remained accessible, and the full impact of the breach could not be independently verified. The incident occurred amid heightened cyber hostilities, including Ukraine's acquisition of classified military data from a sanctioned Russian defense manufacturer.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 9, 2024, Reuters reported that hackers associated with Ukraine’s Security Service (SBU), operating under the name "Blackjack," breached the systems of Moscow-based internet provider M9 Telecom. The attack was described by a source with direct knowledge as retaliation for a prior Russian cyber attack against Ukrainian telecommunications operator Kyivstar, which occurred in December 2023. During the intrusion, Blackjack deleted 20 terabytes of data from M9 Telecom’s infrastructure, disrupting internet services for some Moscow residents. The source characterized this breach as a preliminary action preceding a larger, unspecified cyber operation intended as "serious revenge" for the Kyivstar incident. No specific timeline was provided for the M9 Telecom attack, and the company’s website remained accessible despite hacker claims of its destruction. M9 Telecom CEO Andrey Pavolvsky declined to comment when contacted by Reuters, and the company did not respond to emailed inquiries. Reuters could not independently verify the operational success or technical scope of the breach beyond the source’s claims.
The M9 Telecom incident followed a devastating cyber attack on Kyivstar, Ukraine’s largest mobile network operator, attributed to Russian state-sponsored actors. Ukrainian cyber spy chief Illia Vitiuk disclosed that Russian hackers had infiltrated Kyivstar’s systems months before executing the December 2023 attack, which caused "disastrous" infrastructure damage and widespread service outages. Separately, Ukraine’s military intelligence agency (GUR) announced it had obtained classified Russian military data from the Special Technology Centre (STC), a sanctioned manufacturer of Orlan drones and intelligence equipment for Moscow. No direct operational link was established between the GUR’s data acquisition and the Blackjack group’s activities against M9 Telecom. The retaliatory nature of the M9 breach highlighted escalating cyber hostilities between Ukrainian and Russian actors, though neither government issued formal statements acknowledging the incidents at the time of reporting.