Ukrainian cyber unit cripples major Russian logistics firm Eltrans+ in overnight strike

A coordinated Ukrainian cyber operation disabled the digital backbone of Eltrans+, one of Russia’s largest logistics and customs brokerage companies, in an overnight attack on December 6 that wiped critical data, shut down core infrastructure, and disrupted services for thousands of businesses across the country.

Eltrans+, a major provider serving more than 5,000 Russian companies involved in shipping, customs processing, and industrial supply chains, was hit with a full systems blackout in the early hours of the morning. Visitors to the company’s website awoke to a message marking Ukraine’s Armed Forces Day, signaling the scale and intent of the operation carried out by Ukraine’s Defense Intelligence cyber unit, known as HUR, in partnership with the hacker collective BO Team.

The strike dismantled more than 700 computers and servers, erased more than 1,000 user accounts, and destroyed or encrypted 165 terabytes of essential corporate data. The company’s core data center equipment was rendered inoperable, and cargo declarations used to move goods through Russia’s customs system were fully deleted, halting a critical part of the firm’s operations. Eltrans+ is also involved in transporting sanctioned goods and electronic components from China that support Russia’s defense industrial base.

Ukrainian cyber specialists initiated the operation during the night, targeting the information and communications infrastructure that underpins Eltrans+’s nationwide logistics activity. The takedown reflects a broader pattern of offensive cyber operations pursued by HUR since mid-2024, aimed at dismantling strategic Russian networks and degrading infrastructure tied to military or governmental functions.

A series of major cyber strikes preceded the Eltrans+ attack. On June 12, Ukrainian operatives hit Siberia’s Orion Telecom, a regional telecommunications provider, causing widespread internet and television outages across Krasnoyarsk, Irkutsk, Bratsk, and Abakan. The disruption resulted in more than 66 million rubles in losses.

On July 17, HUR breached the networks of Gazprom, Russia’s state-owned energy conglomerate, wiping data related to contracts, deliveries, and facility operations. The intrusion reached all of Gazprom’s information systems, representing one of the most extensive cyber penetrations recorded in Russia during the current conflict.

Between September 24 and 25, Ukrainian cyber units launched a distributed denial-of-service attack on Russia’s national payment system, SPB, causing an estimated 30 million dollars in financial damage. The attack also affected the major telecom operator TransTeleCom, triggering additional service disruptions.

Pro-Ukrainian hackers have expanded their efforts beyond infrastructure targets. During the 34th anniversary of Ukraine’s independence from Moscow, the group responsible for a significant breach of Russia’s national airline Aeroflot commandeered television broadcasts across the country, replacing regular programming with battlefield footage depicting the war in Ukraine.