Ukrainian hackers target telecom firm connected to Russian central bank

A Ukrainian hacking group claimed responsibility on Thursday for an attack on Infotel JSC, a Russian telecom firm that provides key infrastructure to the Russian banking system.

While the exact consequences of the attack remain unclear, a statement on Infotel’s website confirmed that “as a result of a massive hacker attack” the company’s “network equipment was damaged” and that the firm is working to restore access, according to a Google translation.

The attack on Infotel, which appears to have begun Thursday, comes on the heels of a long-awaited Ukrainian counter-offensive. The Cyber Anarchy Squad — a Ukrainian hacking group active since last year’s invasion of Ukraine — took credit for the attack. The group posted to its Telegram channel what appeared to be Infotel network diagrams and a screenshot from inside an Infotel official’s email.

“Acidify the soil, fill the ground with concrete,” the group wrote in a message posted to Telegram, according to a Google translation. “All their infrastructure is destroyed, nothing alive is left there.”

Administrators of the Cyber Anarchy Squad’s Telegram channel did not immediately return a request for comment.

The attack may have caused disruptions to the Russian banking system. The Ukrainian news outlet Economichna Pravda reported that as a result of the attack, “the main banks of Russia and credit organizations throughout the Russian Federation do not have access to banking systems and cannot make payments.” An unconfirmed report posted to LiveMap — an online service that tries to geolocate online reports — suggested that banking services were at least partially inaccessible to customers on Thursday.

According to Infotel’s website, the company is an authorized access provider to an automated communication system between Russia’s central bank and Russian credit institutions.

CyberScoop could not confirm the extent of the attack’s effects on the Russian banking system, and Infotel did not return a request for comment on Friday.

This week’s counter-offensive, in which Ukrainian armed forces are beginning to use heavy weaponry supplied by Western allies to reclaim territory from Russian forces, has been accompanied by attacks on Russian websites. According to Ukrainska Pravda, multiple Russian websites have been hacked and defaced in the last week to show support for the Ukrainian military and the counteroffensive.

Sean Townsend, a spokesperson for the loose collective of hackers and various hacking groups in Ukraine known as the Ukrainian Cyber Alliance, told CyberScoop in an online chat that it is his understanding that “Infotel was wiped, including servers (backups too) and core routers (configs reset, firmware erased).” Townsend added that Infotel JSC “cannot bring up the BGP routing” — which internet service providers use to route internet traffic — and added that “I expect that they will (spend) no less than a week to restore the service at minimal level.”

Infotel’s network went down at roughly 11:00 UTC (7 am ET) Thursday, according to Doug Madory, the director of internet analysis at the network monitoring firm Kentik. As of Friday afternoon, Infotel’s network remains down, Madory said.

Moscow-based Infotel (AS8299), the primary provider of the Central Bank of Russia (along with other financial institutions), went down at 10:55 UTC today due to a reported cyberattack. https://t.co/oElMZd0jzE

Outage visible in @IODA_live: https://t.co/n7yGLEBj4s pic.twitter.com/EUTc9mOq05

— Doug Madory (@DougMadory) June 8, 2023

According to Townsend, Infotel took a snapshot of its website from the Internet Archive and is currently hosting it on a third-party provider.

The post Ukrainian hackers target telecom firm connected to Russian central bank appeared first on CyberScoop.