Ukrainian Hackers Strike Back: Blackjack Cyberattack Disrupts Russian Water Utility

Blackjack has attacked over 6,000 computers of the Russian water utility Rosvodokanal, erasing over 50 terabytes of data.

On December 20, 2023, Rosvodokanal, the Russian water utility firm, experienced an alleged cyberattack perpetrated by the Ukrainian hacker group Blackjack.

Multiple undisclosed law enforcement sources confirmed the occurrence of a cyberattack on the IT infrastructure of the Russian water utility. The announcement of the Russian water utility cyberattack came after the cyberattack against Kyivstar, a phone company in Ukraine, which was attributed to Russian hackers and resulted in widespread network and internet failures.

This cyber incident can be seen as retaliation for the earlier cyberattack on Kyivstar.

Decoding Russian Water Utility Cyberattack

According to Ukrainska Pravda reports, there is a likelihood that the Security Service of Ukraine (SBU) played a supporting role in the cyberattack on Rosvodokanal’s digital infrastructure.

Blackjack stands accused of targeting over 6,000 computers and erasing more than 50 terabytes (TB) of data, encompassing backup files, correspondence, and internal documents. The source further emphasized that the SBU is presently scrutinizing 1.5 TB of Rosvodokanal data.

Despite the cyberattack claims, Rosvodokanal has not provided any updates on its website or social media accounts. Mikhail Fridman, a Russian oligarch under sanctions, is a co-owner of the Alfa Group, which includes Rosvodokanal, the utility responsible for providing water to approximately 7 million people.

Not the First Incident of Water Utility Cyberattack

This November, the Aliquippa Municipal Water Authority experienced a cyberattack believed to be linked to Iranian hackers. The attack targeted the booster station system responsible for regulating water pressure in Raccoon and Potter Townships. Authorities sought to reassure the public that the water supply for over 6,600 customers in Aliquippa and surrounding areas remained unaffected despite the breach.

After an alarm alerted it to the cyberattack, the utility promptly shut down the compromised system. Water facility representatives emphasized that there was no substantial risk to the drinking water or the overall water supply.

The hacktivist group Cyber Av3ngers, with alleged ties to Iran, claimed responsibility for the attack. They attributed their actions to animosity towards Israel and targeted an industrial control system (ICS) produced by the Israeli company Unitronics.

In late November, RBC Ukraine reported that the Blackjack group, working with the SBU, had compromised the Russian Labor and Social Protection Ministry’s website and downloaded a significant amount of sensitive data.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
