The Ukrainian Cyber Alliance, a pro-Ukrainian hacktivist group, claimed responsibility for the attack that occurred late on January 6, 2025.
The hackers not only breached Nodex's network infrastructure but also managed to exfiltrate sensitive data before wiping the company's servers. The attack's impact was immediately visible, with monitoring organizations NetBlocks and Cloudflare reporting a complete collapse of both fixed-line and mobile services, showing customer internet traffic levels dropping to 0%.
Nodex confirmed the severity of the breach through its VK social media account, stating, "The network has been destroyed."
The company acknowledged that while they are attempting to restore services from backup copies, they cannot provide a definitive timeline for full recovery. The ISP's initial response focused on restoring basic services, with priority given to telephony and call center operations.
The Ukrainian Cyber Alliance provided evidence of their successful infiltration by sharing screenshots of Nodex's compromised systems, including access to the company's VMware infrastructure, Veeam backup systems, and Hewlett Packard Enterprise virtual infrastructure.
A user on X (formerly Twitter) with the handle @vx_herm1t, who may be connected to the Ukrainian Cyber Alliance, has also shared all of the stories along with proof of the hack.
The hacktivist group stated they left "empty equipment without backups" after exfiltrating the data.
As part of their recovery efforts, Nodex reported some progress, including the restoration of their network core and the reactivation of a DHCP server, which should enable internet connectivity for some customers.
The company has advised its subscribers to reboot their routers to regain service.
The Ukrainian Cyber Alliance, established in 2016, has a history of targeting Russian organizations. The group, which includes various hacker collectives such as FalconsFlame, Trinity, RUH8, and CyberHunta, has previously claimed successful breaches of numerous high-profile Russian targets, including the Russian Ministry of Defense and the Trigona ransomware gang's infrastructure.
This incident was one of the most significant disruptions to Russian internet infrastructure since the start of the conflict, demonstrating the increasing role of cyber warfare in modern geopolitical disputes.