Cybersecurity

Ukrainian Hackers Strike Back: Blackjack Cyberattack Disrupts Russian Water Utility

On December 20, 2023, Rosvodokanal, the Russian water utility firm, experienced a alleged cyberattack perpetrated by the Ukrainian hacker group Blackjack.

Multiple undisclosed law enforcement sources confirmed the occurrence of a cyberattack on the IT infrastructure of the Russian water utility. The announcement of the Russian water utility cyberattack was followed by the cyberattack against Kyivstar, a phone company in Ukraine, that was attributed to Russian hackers and resulted in widespread network and internet failures.

It can be argued that this cyber incident is perceived as retaliation for the earlier cyberattack on Kyivstar.

Decoding Russian Water Utility Cyberattack

According to Ukrainska Pravda reports, there is a likelihood that the Security Service of Ukraine (SBU) played a supporting role in the cyberattack on Rosvodokanal’s digital infrastructure.

Blackjack stands accused of targeting over 6,000 computers and erasing more than 50 terabytes (TB) of data, encompassing backup files, correspondence, and internal documents. The source further emphasized that the SBU is presently scrutinizing 1.5 TB of Rosvodkanal data.

Despite the cyberattack claims, Rosvodkanal has not provided any updates on its website or social media accounts. Mikhail Fridman, a Russian oligarch under sanctions, is a co-owner of the Alfa Group, which includes Rosvodkanal, responsible for providing water to approximately 7 million people.

Not the First Incident of Water Utility Cyberattack

This November, the Aliquippa Municipal Water Authority experienced a cyberattack believed to be linked to Iranian hackers. The attack targeted the booster station system responsible for regulating water pressure in Raccoon and Potter Townships. Authorities sought to reassure the public that the water supply for over 6,600 customers in Aliquippa and surrounding areas remained unaffected despite the breach.

Responding to the cyberattack triggered by an alarm, the utility promptly shut down the compromised system. Water facility representatives emphasized that there was no substantial risk to the drinking water or the overall water supply.

The hacktivist group Cyber Av3ngers, with alleged ties to Iran, claimed responsibility for the attack. They attributed their actions to animosity towards Israel and targeted an industrial control system (ICS) produced by the Israeli company Unitronics.

In late November, RBC Ukraine reported that the Blackjack group, working with the SBU, had compromised the Russian Labor and Social Protection Ministry’s website and downloaded a significant amount of sensitive data.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.