Russian ISP Nodex confirms Ukrainian hackers breached and destroyed its network infrastructure

A Russian internet service provider (ISP), Nodex, has confirmed that Ukrainian hacktivists successfully breached and destroyed its network infrastructure. The cyber attack, carried out by the Ukrainian Cyber Alliance group, resulted in significant service disruptions and data theft.

The incident occurred on Monday, 6th of January 2025, with the hacktivists announcing on Tuesday that they had completely compromised Nodex's St. Petersburg operations, exfiltrating data and wiping systems. The attackers shared evidence of their breach, including screenshots of the ISP's compromised VMware, Veeam backup, and Hewlett Packard Enterprise virtual infrastructure.

Nodex acknowledged the attack through a VKontakte post, confirming that their network had been "destroyed" in what they described as a planned attack originating from Ukraine. Internet monitoring organization NetBlocks corroborated the incident, observing a collapse in both fixed-line and mobile services connectivity on Nodex's network at midnight following the attack.

The nature of the attack and number of affected individuals is not disclosed.

Nodex is reporting that its network core has been restored and a DHCP server brought online, allowing some customers to regain internet access. However, the complete restoration timeline remains unclear, with engineers continuing to work on resetting switches and restoring services.