Hackers knock out systems at Moscow-run postal operator in occupied Ukraine

Steven

Hackers knock out systems at Moscow-run postal operator in occupied Ukraine

Summary

Donbas Post, the Russian state-run postal operator in occupied parts of Donetsk and Luhansk, reported its corporate network, website and email services disrupted by “external interference.” The company restricted access to several services and is working to restore operations.

The pro‑Ukrainian hacktivist network Ukrainian Cyber Alliance (UCA) claimed responsibility, saying it wiped more than 1,000 workstations, about 100 virtual machines and “several dozen terabytes” of data, and published screenshots purportedly from Donbas Post’s internal systems.

The cyber incident coincided with a reported Ukrainian drone strike on local energy infrastructure that caused widespread power outages and forced postal branches and the call centre to suspend work. It is not yet clear whether the cyberattack and the drone strike were coordinated.

UCA has carried out multiple operations since 2016 and has intensified activity since Russia’s full‑scale invasion in 2022. Occupied regions of Ukraine have repeatedly been targets for both hacktivists and state‑sponsored cyber actors, with researchers and incident reports documenting malware and espionage campaigns in the area.

Key Points

  • Donbas Post reported disruption to its corporate network, web platform and email systems due to “external interference.”
  • The Ukrainian Cyber Alliance claimed the attack, alleging destruction of over 1,000 workstations, ~100 virtual machines and dozens of terabytes of data.
  • Donbas Post limited service access and suspended branch and call centre operations amid concurrent power outages following a reported drone strike.
  • It remains unclear whether the cyber operation and the drone strike were linked or coincidental.
  • UCA has a history of targeting Russian financial firms, ISPs and municipal systems; occupied Ukrainian territories are frequent targets for both hacktivists and espionage groups.

Why should I read this?

Heads up — this isn’t just another outage. It shows how cyber groups are actively disrupting services in occupied areas, hitting both infrastructure and organisations tied to the occupying authorities. If you follow cyberwarfare, regional stability or operational resilience, this is one to skim — it’s short but telling.

Context and Relevance

The incident illustrates a growing pattern where hacktivist and state‑grade cyber activity intersects with kinetic operations, complicating response and recovery for services in contested areas. For cybersecurity teams and policymakers, the attack underlines the need for hardened backups, segmented networks and contingency plans for organisations operating in conflict zones. For analysts tracking the Russia‑Ukraine conflict, it emphasises the expanding role of non‑state cyber actors and the potential for combined cyber‑kinetic effects on civilians and services.

Source

Source: https://therecord.media/hackers-knock-out-systems-russia-operated-post-ukraine