Topics: Security, The Internet

Ukrainian Hacker Group Takes Down Moscow ISP As Revenge For Kyivstar Cyber Attack (dailysecurityreview.com)

Longtime Slashdot reader Plugh shares a report from Daily Security Review: A Ukrainian hacker group [...] carried out a destructive attack on the servers of a Moscow-based internet provider to take revenge for the Kyivstar cyberattack. The group, known as Blackjack, successfully hacked into the systems of M9com, causing extensive damage by deleting terabytes of data. Numerous residents of Moscow experienced disruptions in their internet and television services. Additionally, the Blackjack hacker group has issued a warning of a potentially larger attack in the near future.

Based on the information provided by Ukrinform, the cyber attack on M9com deleted approximately 20 terabytes of data. The attack targeted various critical services of the company, including its official website, mail server, and cyber protection services. Furthermore, the hackers managed to access and download over 10 gigabytes of data from M9com's mail server and client databases. To make matters worse, they made this stolen information publicly accessible via the Tor browser. [...]

Based on the nature of the attack on M9com, it appears that when the hackers hit Moscow, they were able to gain access to the back-end operations of the company. This allowed them to effectively delete data from the servers, similar to what occurred in the Kyivstar incident. It is worth noting that this type of attack, which involves directly targeting and compromising the servers, is less common compared to the more frequently observed distributed denial-of-service (DDoS) attacks. DDoS attacks overwhelm a system by inundating it with automated requests, causing the service to become inaccessible.


Comments:
  • But not by technology, but with sticks and stones
    • If proper backups were performed, and proper DR policies were in place, this is about a days worth of restoration work to correct.

      Tops.

      20TB is, as the user below points out, "Not that much" in datacenter terms. On enterprise scale SAN systems, that much data can be handled in just a few hours.

      If they *DIDN'T* have proper backups, and proper DR policies were *NOT* in place, well... .... They get to be the poster child for why you need to do those things!

      • by Bert64 ( 520050 ) on Saturday January 13, 2024 @06:48AM (#64155447)

        Quite quick to restore from backups yes, but your backups will also contain the vulnerabilities, backdoors and/or compromised credentials which allowed the attackers to gain access in the first place. You have to be a lot more careful when recovering from a hack or you're just inviting it to happen again.

      • It could take weeks even with proper backups. Restoring servers isn't just some hot swap of data.
        • by znrt ( 2424692 )

          those aren't *proper* backups then.

        • You need a better disaster recovery plan and more practice with it.

          If you have 20TB of mission-critical storage and there is no hardware damage, restoring it should take a little over an hour; otherwise either your disaster recovery plan is insufficient or that data isn't really mission-critical.

          Honestly, you're going to spend more time trying to establish the scope of the damage and how to recover without being immediately re-compromised than you are actually executing the recovery.

          • restoring it should take a little over an hour

            No one here is backing up 20TB onto an SSD. I agree it won't take weeks, but your estimate is as wildly off as the grandparent's in the opposite direction. You're looking at over 100 hours of continuous max transfer speed of an LTO-9 tape, to say nothing of the fact that a backup isn't as simple as saying "welp" and reaching for a tape and hitting play.

            • If you're talking about 'tape', you have no idea what you're talking about in a modern data centre. I, on the other hand, have actual recent practical experience in data centres.

              You can choose to not believe that, but if you expect me to believe you have any idea what you're talking about, you're going to have to keep expecting because I know you're full of shit.

              • Even if you were pulling from data domains or similar, 20TB isn't a trivial amount of data and as had been pointed out, knowing exactly what to restore is more than half the problem. The other key is that if they are any kind of decent hackers, they would have gone after the backup system too.
              • If you're talking about 'tape', you have no idea what you're talking about in a modern data centre. I, on the other hand, have actual recent practical experience in data centres.

                Tape libraries are still widely used in the enterprise. You should not consider your data center experience to be representative of all of them.

              • If you're talking about 'tape', you have no idea what you're talking about in a modern data centre.

                Tape is still the standard for backup. No one here is talking about a datacentre. They are talking about 20TB. I have 20TB at home. In my basement. If you think 20TB qualifies you for a datacentre it is *you* who doesn't know what you're talking about.

                In any case the point is the same. You're going to spend far more than a couple of hours just doing investigation and forensics before you even begin recovery. This will not be resolved in a day. Not remotely. Probably not a week, but saying "a little over an

        • Then you are clearly not using a COW based file system, have no idea what a snapshot is, have no idea how Disaster Recovery sites/policies work, or how to effectively use those tools.

          A proper backup contains the full snapshot history and metadata of your storage array. It should be possible to restore not only the last blessed state of the array, but any other snapshotted state of the array, arbitrarily, if you have a proper backup plan in place.

          A proper disaster recovery implementation allows for 'immediat

          • Damn slashdot mobile BS, replied to the wrong subthread. Sigh.

            Quite correct about the proper backup containing the vulns.

            This is why it takes a full day, and not 'just a few hours'.

            Baseline procedure is to force re-credentialing of all accounts, while obeying rules to prevent password re-use. If a technical exploit against a service was used, siloing the service, or disabling it until it can be fixed by an upstream vendor (hah!), is required.

            The latter has been known to take years to resolve.

            However, siloing

          • Then you are clearly not using a COW based file system, have no idea what a snapshot is, have no idea how Disaster Recovery sites/policies work, or how to effectively use those tools.

            When your fancy storage array is compromised along with all the backups across all of your remote sites because everything was online and the attacker "moved laterally" compromising all of the operator accounts and all of the systems what then? I see lots of high profile ransomware payouts from people who likely believed they had competent backups in place.

            This is HOW you get nine 9s of uptime reliability, and assurances of data integrity.

            This very well may be a way of recovering from hardware and software failures. It may be completely meaningless against deliberate sabotage.

            At worst, your virtual servers should complain about not being shut down correctly.

            At worst th
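The two comments above argue over whether online snapshots survive an attacker who has already compromised the storage array, the remote sites and the operator accounts. One check that holds up in that case is a backup manifest signed with a key that never lives on the backup infrastructure, so a tampered, pruned or backdoored backup set is detected before anyone restores it. The following is an added example written for this discussion, not code from M9com, Kyivstar or any commenter; the directory layout, file names and the "offline key" are constructed assumptions.

```python
"""Offline-signed backup manifest: detect tampered, missing or planted files
before restoring a backup set.

Added example for this discussion, not code from M9com, Kyivstar or any
commenter. Assumption (hypothetical): the manifest key is held on an
offline host that signs manifests at backup time, so an attacker who owns
the storage array and its online backups cannot forge a valid manifest
for a modified set.
"""
import hashlib
import hmac
import json
import os
import tempfile


def _sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Hash every regular file under root; paths are stored relative to root."""
    entries = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            entries[rel] = _sha256_file(full)
    return entries


def _canonical(entries):
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(entries, key):
    """HMAC-SHA256 over the canonical JSON, keyed with the offline key."""
    tag = hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()
    return {"entries": entries, "hmac": tag}


def verify_backup(root, signed, key):
    """Return (ok, report). ok is False on a bad signature or any difference.

    report lists 'modified', 'missing' (in manifest, not on disk) and
    'added' (on disk, not in manifest: a planted file or backdoor)."""
    expected = hmac.new(key, _canonical(signed["entries"]),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["hmac"]):
        return False, {"error": "manifest signature invalid"}
    current = build_manifest(root)
    trusted = signed["entries"]
    report = {
        "modified": sorted(p for p in trusted
                           if p in current and current[p] != trusted[p]),
        "missing": sorted(p for p in trusted if p not in current),
        "added": sorted(p for p in current if p not in trusted),
    }
    return not any(report.values()), report


def demo():
    """Constructed scenario: a clean set is signed, then an attacker edits
    one file, deletes one and plants one. Returns the verification results."""
    key = b"offline-key-kept-on-an-air-gapped-host"  # constructed, not real
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "etc", "radius.conf"), "w") as f:
            f.write("shared_secret = example\n")  # constructed sample data
        with open(os.path.join(root, "customers.csv"), "w") as f:
            f.write("id,name\n1,example\n")
        signed = sign_manifest(build_manifest(root), key)
        clean_ok, _ = verify_backup(root, signed, key)

        # Tampering after the manifest was signed.
        with open(os.path.join(root, "etc", "radius.conf"), "a") as f:
            f.write("admin_backdoor = yes\n")
        os.remove(os.path.join(root, "customers.csv"))
        with open(os.path.join(root, "cron.sh"), "w") as f:
            f.write("#!/bin/sh\n")
        tampered_ok, report = verify_backup(root, signed, key)

        # A manifest re-signed without the key is rejected before hashing.
        forged = {"entries": build_manifest(root), "hmac": "00" * 32}
        forged_ok, _ = verify_backup(root, forged, key)
    return clean_ok, tampered_ok, report, forged_ok


if __name__ == "__main__":
    print(demo())
```

The check only proves the restored set matches what was signed; as the thread also notes, a faithful copy can still carry the credentials or the exploitable service that let the attacker in, so the re-credentialing and service isolation described above still has to happen after the integrity check passes.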

  • Anyone else have the feeling this is very little data? I mean, I nearly have more HDD space in my home computer...
    • It is important to note that this is an ISP, and not a digital data warehousing operation, like say WordPress or Google or Amazon Web Services (Or Mega, or any other such large datacenter operation).

      Customer information, and internal email operations data is not that big, in the greater scheme of things.

      Additionally, if there is thin provisioning going on for things like virtual servers, or disk deduplication going on, then 20TB of unique data could be quite a bit more than "as seen by outside observers".

  • In terms of the war effort, rather than a big public splash of "we made them recover from backups", you want to exfiltrate that data and dig through it for anything useful. You never know, maybe someone who uses that ISP could be a useful tool if blackmailed.

    Beyond that, rather than delete data, corrupting it to cause chaos would be better. Introduce a bug to their billing system to piss off customers. Insert faked kompromat into their personal data, then anonymously tip off the authorities.

    • One unintended but not unexpected consequence of the war is both Ukrainians and Russians will end up being battle hardened, not just skilled above the West in kinetic, electronic and cyber warfare, but also less casualty averse. The West may end up having an enemy that is stronger than before the war.

      • >both Ukrainians and Russians will end up being battle hardened, not just skilled above the West in kinetic, electronic and cyber warfare, but also less casualty averse.

        Ukraine is having internal issues with recruitment, draft resistance, and draft dodging. They may want to defend their nation against an unprovoked invader, but they're also human beings and most of them just want to survive even if it means fleeing and letting the invader win. Since the government is trying to walk the line on those is

      • by Uberbah ( 647458 )

        Russia will have many hundreds of thousands of battle hardened veteran troops, but for Ukraine they're either dead or disabled. They've lost half a million troops while Russia has lost a fraction that number. Russia has nearly 150 million people; Ukraine is down to around 20 million after millions fled. Average age of a Ukrainian soldier is into their 40's.

        Math was never going to work out in Ukraine's favor, any more than it has for the Kurds, who for some reason keep letting the US talk them into Pickett's

        • This may well be true, but it doesn't hurt affording them that grace, which they deserved. I imagine the Russians think the same of them.

          They'll never have love for Russians, but I wonder if they'll think the West has played them. I suspect deep down they know the West sees THEM deep down as no better than the filthy Russians.

      • One unintended but not unexpected consequence of the war is both Ukrainians and Russians will end up being battle hardened, not just skilled above the West in kinetic, electronic and cyber warfare, but also less casualty averse. The West may end up having an enemy that is stronger than before the war.

        Russia is already using human wave attacks, sending troops at the enemy and shooting them if they retreat [newsweek.com].

        That's not the pressures of war, that's just a government that doesn't give a damn about human life.

        And it's a government that certain elements in the US seem to be cheering for.

  • 20TB is one disk drive these days. It's nothing.

    • by ukoda ( 537183 )
      In terms of storage capacity you are right. I have around that much in storage at home and twice that in off site back ups. However in terms of data it is a huge amount if you have lost it and have to recreate it.

      If you have, say, 1kB per customer, it could be the name, address and IMSI for 20 million customers. You now have to wait for each of them to contact you, get that data off each of them and manually enter that information back into your systems. If that takes 12 minutes average per customer th
  • Proper backups are exactly what should be done, but there are quite a few businesses out there which are held hostage by someone who waves their hands about "security" and then complains that there is reason x y z why they aren't taking the necessary actions. This even when someone is willing to work with them to resolve the issues.
