cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Ukrainian hackers take out hundreds of Russian space research servers and supercomputers

The cyber warfare between Russia and Ukraine continues as hackers from the latter launch an attack and destroy the database and infrastructure of Russia’s Far Eastern Research Center of Space Hydrometeorology, “Planeta”.

user icon Daniel Croft
Thu, 25 Jan 2024
Ukrainian hackers take out hundreds of Russian space research servers and supercomputers
expand image

According to Ukraine’s military intelligence agency, the attack resulted in two petabytes of data and 280 servers being destroyed. Additionally, a digital array valued at US$10 million was also lost in the attack, as well as disabling the research centre’s supercomputers beyond repair through the destruction of software.

“One such computing device together with software costs US$350,000. In the conditions of strict sanctions against Russia, to get such a software again it is impossible,” wrote Ukrainian Defence.

Data included satellite and meteorological data used by the Roscosmos space agency, Russian Defence, emergency situations ministries and other government departments.


Adding salt to the wound, airconditioning, emergency power, and humidification systems were also disabled.

“In total, dozens of strategic companies of the Russian Federation, which work on ‘defense’ and play a key role in supporting Russian occupation troops, will remain without critically important information and services for a long time,” the agency added.

“Glory to Ukraine!”

The attack is the latest in a series between Ukraine and Russia, with the latter recently disabling Ukraine’s largest telco, Kyivstar.

The attack, which occurred in December last year, resulted in service outages the telco originally said were the fault of a technical failure, before confirming a cyber attack.

The attack left Kyivstar’s over 25 million customer base, over half the country’s population, without mobile and home internet services.

A day after the incident, the attack was claimed by Russian hackers from the Solntsepek group, which said they wiped thousands of servers and 10,000 computers.

“We, the Solntsepek hackers, take full responsibility for the cyber attack on Kyivstar. We destroyed 10 thousand computers, more than 4 thousand servers, all cloud storage and backup systems,” said the group on Telegram.

“We attacked Kyivstar because the company provides communications to the Armed Forces of Ukraine, as well as government agencies and law enforcement agencies of Ukraine.”

The Solntsepek is a group believed to be connected to the Sandworm Russian military hacking group.

Security Service of Ukraine head Illia Vitiuk has since confirmed that the attack on Kyivstar was a result of the Sandworm hackers.

Cyber security firm CrowdStrike has speculated that a Russian GRU adversary by the name of Voodoo Bear may be behind the attack.

“CrowdStrike Counter Adversary Operations assesses with moderate confidence that the tradecraft in the attack against Kyivstar is likely attributable to Russian GRU adversary Voodoo Bear, operating under pro-Russian hacktivist persona Solntsepek,” said Adam Meyers, head of counter adversary operations at CrowdStrike.

“Reports around the destruction of Kyivstar’s virtual infrastructure coincide with reports of air raid sirens in Kiev malfunctioning, as well as payment terminals and multiple banks suffering disruption, and issues reported with payment for public transportation.”

In response, Ukraine launched an attack on Russian internet provider M9com, deleting and stealing masses of data.

“Hackers from the Blackjack group, who are likely related to the SBU [Security Service of Ukraine], hacked the Moscow-based internet service provider M9com and destroyed its servers,” the source told Ukrinform.

The source added that the hackers deleted roughly 20 terabytes of data, including M9com’s official website, mail server, cyber protection services, the websites of M9com’s branches and more, the result of which left a large portion of Moscow’s residents without TV or internet.

According to the source, the attack on M9com was simply a “warm-up attack” and that more would come as part of its “serious revenge for Kyivstar.”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.