One day I decided to change my main disk and used the opportunity to rebuild everything from scratch and from backups. I was up in about an hour.
And then I spent a week fixing this and that; ah yes, I changed that too; and, crap, I cannot remember why this thingie is set up this way. And some more.
This is a one-man lab, with simple services, all on Docker. I also work in IT.
Recovering from scratch a whole infrastructure managed by many people over the years is a titanic task.
I helped to recover my nearby hospital as a volunteer when it was ransomwared. The poor two IT guys over there had no idea how to recover and the official help was pitiful.
I also helped with a ransomware attack on a large company. The effort people had to make to remember why something was that way, or just to remember whatever, was colossal. Sure, a lot of things were "documented" and "tested", but reality hit hard.
Working for a company in Germany which is planning production 3 months in advance using printed Excel sheets. The migration of the ERP system went wrong and nobody knows how to fix it. Production management tries to hide this fact and does not talk to the engineering department. This will go on for years; consultants will gather their fees for a non-functional system. Obviously IT infrastructure is not needed for manufacturing. It is just nice to have.
Cyber warfare is really reaching a new peak in Ukraine, and not just the more-traditional cyberattacks like this. The target is of note; the drones themselves are the thing that's setting this war apart from all of the primarily human powered wars of the past centuries.
Drones have revolutionized reconnaissance, sabotage, and munitions interception. Relative to their material cost, they can be terrifically destructive, and with the advances in image recognition in the past decade some are able to operate even when affected by electronic signal jamming. This is some very cyberpunk shit going on right now.
This was obviously a very high-value target, and Ukraine has shown themselves again to be masters of asymmetric warfare: taking out a sizable chunk of Russia's long range bombers using drones smuggled across Russia, and now impacting one of the centers of Russia's drone manufacturing. It is difficult to see how the war will end, but it is clear that Ukraine is not about to stop fighting.
I am working for a medium-sized Swiss company. We're coding our own ERP, based on a nightmare of a stack. We call it "security by confusion". An attacker might find his way in, but he'll never find the way out. If he destroys 90% of our code, we'll still be up and running, because 95% of the codebase is obsolete.
Not many companies explicitly prepare for the scenario where every single data storage unit in the company is effectively wiped and you have to redeploy from zero.
If you never bootstrap from zero (nor simulate this) then your systems probably have cycles in their deployment dependencies. Your config pusher is deployed from Jenkins/Puppet/Ansible but 2 years ago someone made Jenkins dependent on the config pusher for its own config. Now you cannot just deploy these systems in order, you have to replay the history before that change.
That's a very odd website. Blocked by the Russian government so you get a TLS error, once you get past that, you get the Cloudflare "you are blocked" page, and then you use a VPN and... get the option to read this article in Russian.
The headline of the article called these people cyber activists, and in the text of the article, they were called cybercriminals. Which is it? It reminds me a bit of the situation with privateers during the age of sail. These were often people operating at the edge of the law, or even outright outlaws, given a letter of marque, a license to raid warships and commerce against a specific adversary. I'm sure out on the high seas, abuses happen.
The people who put together the doctrine on 4th Generation Warfare talked about the blurring of civilian and military. Rules of engagement get fuzzier.
I remember Steve Gibson saying some years back that the only reason USA doesn't (cyber-)'attack' Russia's train infra is the inability to 'hide the traces' of the attack, and it would be 'easily' attributed/mapped back to the USA causing (political) issues. Well, Ukraine doesn't have 'that' challenge.
On the other hand (and I'm not defending a drone company), anyone that has a business should know by now that ransomware (with or without deletion) is a real thing, and it's not an 'if' question, it's a 'when' question.
I have never worked with/for a Russian company, so it would be interesting to hear/read from someone who has, how 'well organized' are they? GRC-wise. Assuming that someone would run the COBIT framework on them (Russian companies), would the 'average' be 'ok' or it's a big mess (kinda like working for an EU company in early 00's)?
I wonder to what extent either side is worried about the firmware on the drones. Somehow getting tampered-with firmware onto the drones that your enemy is using seems like it would be valuable.
I'd bet that their stickiest problem will be restoring and replacing all the weird IT-OT interface parts (e.g. some random Windows 98 box which is the only thing that can run the CNC). No one ever thinks to document or back up those things.
AI translation (to English) is off in places. "Ukrainian cybercriminals" is not in the original and was picked as the translation of the closest sounding full word.
Here is a translated version of the telegram message posted by the hacking team:
> LLC “Gaskar Integration” (Gaskar Group)—one of the largest UAV manufacturers in Russia—has just been penetrated right down to the tonsils in the course of demilitarization and denazification.
> VO Team, together with the Ukrainian Cyber Alliance (https://t.me/UCAgroup) and another very well‑known organization whose mere mention makes the vatniks’ bottle‑openings burst (https://gur.gov.ua/), carried out large‑scale operations: we seized all of Gaskar Group’s network and server infrastructure, gathered valuable data on their current and prospective UAVs, destroyed that data, and knocked the entire infrastructure offline.
> By the way, from the information we obtained, the PRC is helping Gaskar Group with production and staff training. China transferred technology for the newest UAVs—technology that is now in our hands.
> VO Team focused on wiping out the production complex’s infrastructure. On‑site we erased more than 250 hosts (4 ESXi servers, 46 virtual servers, 200+ workstations) and bricked about 20 MikroTik devices. In total we destroyed 47 TB of valuable data at Gaskar Group—including 10 TB of backups—and disabled all production and auxiliary systems.
> The scum at Gaskar Group have the blood of hundreds of Ukrainian children, women, and elderly on their hands. That’s why we went after this target with special zeal. We now possess the lists of ALL employees, their home addresses, information about their family members, and much more… We’re in your home computers and phones—we’re everywhere. Not a single bastard from Gaskar Group will escape responsibility!
> The sword of Damocles already hangs by a thin thread over your heads. It’s too late to spew excuses like “we’re apolitical” or “we were just making money”….
> The whole world can see that the so‑called Russian Federation has strategically lost everything. Defeat and collapse of that unwashed entity are only a matter of time. VO Team is collecting data on everyone involved in Putin’s criminal war—the deaths of our children, mothers, and all Ukrainians. Retribution is inevitable and is drawing near!
The source of this news is the Ukrainian military which seems to exaggerate and spread propaganda (as does every other country of course). I don't know why we accept this information as reliable.
> The attack destroyed over 47 TB of critical data,
I'm very dubious that there would be such an amount of “critical” data pretty much anywhere, besides the banking and insurance sector. And particularly not at a drone manufacturer.
What's interesting is that this whole challenge is making Russia stronger. Russia has increased its military industry and it's now running full steam. Every attack is giving them an opportunity to harden. All of that is meaningless if it makes Russia stronger and more resilient to embargoes and cyber/physical attacks in the long run.
For all of this to have meaning it has to have a fall-of-USSR kind of impact at some point, otherwise we just strengthened one of the world's most dangerous states.
Ukrainian hackers destroyed the IT infrastructure of Russian drone manufacturer
(prm.ua) 684 points by doener, 16 July 2025 | 480 comments
Comments
So the foreign intelligence services gave them a button push so it's not a direct cyber war on Russia.
They should have checked the source code and added some changes to make drones unpredictably unreliable
"Oh this totally innocent code change? Oh look it makes the gps act weird if longitude is between a certain range how weird"
- know your threats
- assess your risks based on identified threats
- backup 3-2-1 strategy (3 copies of your data on 2 independent storage places with 1 copy offline and offsite)
- "build the world from scratch" plan with the assumption that all infra is completely and irreversibly destroyed.
- assume you have already been hacked but you don't yet know about it. Build your indicators of compromise based on that simple assumption.
Observing how some "groups of people" act in a totally ignorant fashion is amusing.
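The Jenkins/config-pusher comment earlier in the thread and the "build the world from scratch" item in the list above are the same problem seen from two sides: a deployment graph with a cycle cannot be rebuilt in order, and the only way to find that out before the disaster is to compute the bootstrap order on paper. The following is an added example written for this page, not code from any project or commenter; the component names and dependency edges are constructed to mirror the Jenkins/config-pusher situation and are not taken from any real environment. It finds every cycle in the dependency graph, derives the rebuild order with Kahn's algorithm, and shows what becomes deployable once the offending edge is reverted (the "replay history before that change" step).

```python
"""Deployment-dependency sanity check for a bootstrap-from-zero plan.

Added example for the thread, not code from any project it mentions.
The component names and edges below are constructed to mirror the
Jenkins / config-pusher cycle described in the comment.
"""
import heapq

# Constructed sample: component -> set of components that must exist before
# it can be deployed. "config_pusher" is rolled out by "jenkins"; the later
# change made jenkins fetch its own config from config_pusher, closing a cycle.
DEPLOY_DEPS = {
    "dns": set(),
    "pki": {"dns"},
    "git": {"dns", "pki"},
    "jenkins": {"git", "pki", "config_pusher"},  # the change from 2 years ago
    "config_pusher": {"jenkins"},
    "monitoring": {"config_pusher", "dns"},
}


def _normalize(deps):
    """Copy the graph and make sure every referenced component is a node."""
    graph = {node: set(needs) for node, needs in deps.items()}
    for needs in deps.values():
        for dep in needs:
            graph.setdefault(dep, set())
    return graph


def find_cycles(deps):
    """Return every dependency cycle as a list of names (first == last).

    Depth-first search with white/grey/black colouring: an edge into a grey
    node is a back edge, and the grey stack from that node onward is the cycle.
    """
    graph = _normalize(deps)
    colour = {node: "white" for node in graph}
    stack, cycles = [], []

    def visit(node):
        colour[node] = "grey"
        stack.append(node)
        for dep in sorted(graph[node]):
            if colour[dep] == "white":
                visit(dep)
            elif colour[dep] == "grey":
                cycles.append(stack[stack.index(dep):] + [dep])
        stack.pop()
        colour[node] = "black"

    for node in sorted(graph):
        if colour[node] == "white":
            visit(node)
    return cycles


def bootstrap_order(deps):
    """Kahn's algorithm. Returns (order, stuck): the sequence in which the
    components can be rebuilt from nothing, and the set that can never be
    reached because every remaining candidate still waits on another one."""
    graph = _normalize(deps)
    remaining = {node: len(needs) for node, needs in graph.items()}
    dependents = {node: set() for node in graph}
    for node, needs in graph.items():
        for dep in needs:
            dependents[dep].add(node)

    ready = [node for node, n in remaining.items() if n == 0]
    heapq.heapify(ready)  # heap keeps the order deterministic among equals
    order = []
    while ready:
        node = heapq.heappop(ready)
        order.append(node)
        for child in dependents[node]:
            remaining[child] -= 1
            if remaining[child] == 0:
                heapq.heappush(ready, child)
    stuck = {node for node, n in remaining.items() if n > 0}
    return order, stuck


def without_edge(deps, node, dep):
    """The graph as it looked before `node` started depending on `dep`,
    i.e. the state you would have to replay history back to."""
    graph = _normalize(deps)
    graph[node].discard(dep)
    return graph


if __name__ == "__main__":
    for cycle in find_cycles(DEPLOY_DEPS):
        print("cycle:", " -> ".join(cycle))
    order, stuck = bootstrap_order(DEPLOY_DEPS)
    print("deployable as-is:", order, "| blocked:", sorted(stuck))
    fixed = without_edge(DEPLOY_DEPS, "jenkins", "config_pusher")
    order, stuck = bootstrap_order(fixed)
    print("after reverting jenkins->config_pusher:", order, "| blocked:", sorted(stuck))
```

Run against the constructed graph, the check reports the single cycle `config_pusher -> jenkins -> config_pusher`; only `dns`, `pki` and `git` are deployable from nothing, while `jenkins`, `config_pusher` and `monitoring` stay blocked. Dropping the jenkins-to-config_pusher edge makes the whole graph deployable in the order dns, pki, git, jenkins, config_pusher, monitoring. Feeding this from the real inventory (Ansible inventories, Terraform state, CI job definitions) rather than a hand-written dict is the part that turns it into a rebuild plan; the graph itself must then be stored somewhere that survives the wipe.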
Definitely one of the companies that everyone has heard of before. No need to mention any of their brand or product names, they're that famous.
$3 million revenue in 2024.
I'm sure we'll hear more about the epic defeat of this major military supplier in the future.