The hacker group called BlackJack, possibly affiliated with Ukrainian intelligence, launched a highly coordinated cyberattack on April 9th against Russian Moscow “Moscollector” industrial sensor and monitoring infrastructure. This infrastructure is vital for managing the safety and security of Moscow’s municipal services, including gas, water, and fire alarms.
The attackers deployed Fuxnet malware and, according to their claims, disrupted 87,000 sensors and control systems across various facilities, while deliberately avoiding civilian infrastructure. Additionally, the attack resulted in the physical destruction of about 1,700 sensors and routers. In addition to damaging physical equipment, the attackers wiped 30TB of critical data from servers, including backup drives and most workstations. They also leaked sensitive data from the Network Operation Center (NOC) and defaced Moscollector’s website and Facebook account.
The Radiflow Research Team analyzed the attack based on the data published by hackers on the website, ruexfil.com.
Who is behind the attack?
How did they do it?
What tactics and techniques did they use?
Find out the details about this massive attack.
Harmonizing risk and consequence strategies across IT and OT environments for greater cyber resilience
Strengthening OT Resilience: Protecting Critical Systems in a Rapidly Evolving Threat Environment
Quarterly ICS Security Report 2024 Q3