In a significant cyber operation, Ukrainian hacktivist groups BO Team (Black Owl) and the Ukrainian Cyber Alliance, in collaboration with Ukraine’s military intelligence agency, have reportedly infiltrated and disrupted the operations of Gaskar Group, a prominent Russian drone manufacturer. This coordinated cyberattack, announced on July 14, 2025, via Telegram, underscores the escalating digital front in the ongoing conflict between Ukraine and Russia.
Infiltration and Data Exfiltration
The attackers claim to have gained comprehensive access to Gaskar Group’s network and server infrastructure. This breach allowed them to extract sensitive information regarding the company’s unmanned aerial vehicle (UAV) production. The exfiltrated data includes detailed schematics, production logs, and employee records, providing valuable intelligence on Russia’s drone capabilities.
Destruction of Data and Systems
Following the data extraction, the hacktivists assert they destroyed approximately 47 terabytes of data, including 10 terabytes of backup files. This deliberate data destruction has reportedly incapacitated Gaskar Group’s production and auxiliary systems, effectively halting their manufacturing processes. Employees have been locked out of critical software and physical access systems, rendering the company’s operations non-functional.
Technical Aspects of the Cyberattack
The cyberattack was executed with a high level of sophistication. The attackers initially identified vulnerabilities in Gaskar Group’s remote desktop services and outdated VPN gateways. Exploiting a zero-day vulnerability in a third-party web application firewall, they established an initial foothold within the corporate network. Custom malware was then deployed, utilizing Windows Management Instrumentation (WMI) to facilitate lateral movement and credential harvesting.
The malware featured a dual-stage loader written in C++ and PowerShell. The first stage established persistence through a malicious WMI subscription, while the second stage decrypted a reverse-shell implant in memory. Communications were tunneled over TLS using forged certificates mimicking the company’s public key infrastructure, complicating detection and attribution efforts. The command-and-control infrastructure was hosted on compromised industrial control system servers, further obfuscating the attack’s origin.
Implications for Russian Drone Warfare
The disruption of Gaskar Group’s operations could have significant implications for Russia’s drone warfare capabilities. The Ukrainian Cyber Alliance suggests that this cyberattack may delay the deployment of thousands of drones to the battlefield, potentially impacting Russia’s military operations. Given the increasing reliance on UAVs in modern warfare, such a setback could influence tactical outcomes on the ground.
Context of Cyber Warfare in the Russia-Ukraine Conflict
This cyberattack is part of a broader pattern of cyber warfare that has characterized the Russia-Ukraine conflict. Both nations have engaged in cyber operations targeting each other’s critical infrastructure and military assets. For instance, in December 2023, Ukraine’s largest mobile network operator, Kyivstar, experienced a massive cyberattack attributed to Russian-linked hackers, disrupting services nationwide and affecting critical systems, including air raid warnings.
Conversely, Ukrainian cyber forces have conducted operations against Russian targets. In February 2024, Ukraine’s Main Intelligence Directorate (HUR) reportedly accessed Russia’s defense ministry’s electronic document management system, exposing detailed information about high-ranking military personnel and classified documents. Additionally, in July 2024, Ukrainian intelligence services launched cyberattacks against Russian financial institutions and technology sectors, causing widespread disruptions.
Gaskar Group’s Response
Gaskar Group has reportedly denied the effectiveness of the cyberattack, asserting that their operations remain unaffected. However, the extent of the damage and the veracity of these claims are challenging to verify independently. The hacktivist groups have hinted at the possibility of further actions against similar targets, indicating that this cyber operation may not be an isolated incident.
Broader Implications
The cyberattack on Gaskar Group highlights the evolving nature of warfare, where cyber operations can have tangible impacts on physical military capabilities. It underscores the importance of robust cybersecurity measures for defense contractors and the potential vulnerabilities that can be exploited by adversaries. As the conflict continues, both Ukraine and Russia are likely to invest further in cyber capabilities, making cyberspace an increasingly contested domain.
Conclusion
The reported cyberattack by Ukrainian hacktivists on Russia’s Gaskar Group represents a significant development in the cyber dimensions of the ongoing conflict. By infiltrating and disrupting a key component of Russia’s drone manufacturing capabilities, Ukrainian cyber forces have demonstrated the strategic value of cyber operations in modern warfare. This incident serves as a reminder of the critical role cybersecurity plays in national defense and the potential consequences of cyber vulnerabilities in the defense industry.
