Cyberattack on Key Russian Drone Supplier Allegedly Launched by Ukraine Hackers

Ukrainian military intelligence operatives reportedly executed a sophisticated cyber operation against Gaskar Integration, one of Russia’s principal suppliers of unmanned aerial vehicles (UAVs), incapacitating its network and exfiltrating vast troves of technical data.

According to a source within Ukraine’s Main Intelligence Directorate (GUR), the strike targeted Gaskar’s primary servers and backup systems, crippling both production and administrative functions.

The operation, which unfolded over several weeks, has been credited jointly to the GUR Cyber Corps, the Ukrainian Cyber Alliance, and the BO Team hacker collective.

Breach and Infiltration

In early July 2025, operators initiated the compromise by exploiting an unpatched remote desktop service used by Gaskar Integration’s development center.

After identifying outdated versions of an industry-standard virtualization platform on Gaskar’s intranet, attackers deployed a custom exploit chain that culminated in the execution of a bespoke loader.

This loader established persistent access via an SSH backdoor camouflaged within legitimate system processes.

Once inside, the intruders escalated their privileges through a zero-day kernel vulnerability, allowing them to move laterally across the facility’s segmented network.

From a concealed command-and-control server, the attackers remotely manipulated an in-house asset management tool, thereby obtaining administrative credentials for both production servers and the company’s primary storage arrays.

This access path was leveraged to audit data repositories and exfiltrate 47 terabytes of proprietary information, including drone flight-control algorithms, electronic warfare firmware, and aerodynamic testing logs.

Simultaneously, 10 terabytes of encrypted backup files were systematically targeted and destroyed, effectively erasing Gaskar’s operational redundancy.

Data Exfiltration and Operational Impact

The stolen payload was not limited to technical schematics; it also included confidential employee records and human resources questionnaires.

These dossiers revealed organizational structures, the skill sets of engineering teams, and contractor itineraries, offering Ukrainian forces valuable insights into future supply-chain vulnerabilities.

To conceal the exfiltration, the attackers employed a multi-stage data compression and fragmentation tool that dispersed packets via compromised third-party cloud nodes, evading perimeter monitoring and triggering minimal anomaly alerts.

As a result of the breach, Gaskar Integration’s factory-floor software—responsible for CNC machine control, assembly-line robotics, and parts-ordering systems—was rendered inoperative.

The accounting and internet gateways were simultaneously taken offline, leaving production personnel isolated with no access to digital tooling.

Physical factory gates were automatically locked under a safety fail-safe, forcing personnel to evacuate through designated emergency exits.

According to on-site witnesses, production lines remained halted for three consecutive days, and corporate networks were only restored after an exhaustive forensic purge.

Strategic Implications

Experts suggest this cyber operation could significantly degrade Russia’s UAV deployment rate on the front lines, as Gaskar Integration supplies a substantial portion of tactical reconnaissance and loitering munitions used by Russian ground units.

The compromise of flight-control source code and hardware-in-the-loop simulation data may allow Ukrainian engineers to develop counter-drone measures more rapidly.

Moreover, the exposure of Gaskar’s personnel network could facilitate targeted influence operations against key designers and decision-makers.

This incident underscores Ukraine’s growing proficiency in cyber-offensive capabilities and highlights the increasing role of intelligence-driven hacking within modern hybrid warfare.

While full details of the operation remain classified, the public disclosure by Hromadske suggests a deliberate intent to degrade an adversary’s industrial capacity and demonstrate the strategic potency of cyber tactics in contemporary conflict.

Priya
