Blackjack’s Big Win: How a Ukrainian Hacker Group Exposed Russia’s Military Weaknesses

Christian Baghai
3 min readJan 24, 2024

The recent cyberattack by a Ukrainian hacker group called Blackjack on a Russian state enterprise has exposed the vulnerabilities and shortcomings of Russia’s military cybersecurity. The hackers, who are linked to the Defense Intelligence of Ukraine (GUR), managed to steal 1.2 terabytes of classified data, including maps of over 500 Russian military bases in Russia and occupied Ukraine, and information on Russian military command and control, air defense, and weapon storage. They also deleted the data from seven Russian servers and disabled or encrypted 150 computers of Russian contractors. This is a major blow to Russia’s national security and military readiness, as it exposes the locations, capabilities, and weaknesses of its forces to its enemy.

The cyberattack also reveals the stark contrast between the cyber capabilities and strategies of Ukraine and Russia, who have been engaged in a hybrid war since 2014. While Russia has relied on conventional military force, propaganda, and misinformation to achieve its political and territorial goals, Ukraine has developed a more sophisticated and agile cyber defense and offense, supported by its allies and partners. According to , both Ukraine and Russia have been increasing cyberattacks against each other, citing examples of Russia hacking Kyiv surveillance cameras to target civilians with missiles, and Ukraine hacking a Russian drone to shell its operators. However, Ukraine seems to have an edge over Russia in terms of cyber innovation and resilience, as it has learned from its experiences and invested in its cyber infrastructure and human capital.

One of the factors that may explain the difference in cyber performance between Ukraine and Russia is the quality of their cybersecurity training within the military. It is indeed relevant to question the quality of Russia’s cybersecurity training, and compare it to the US military’s cyber training, which is described as robust but cheesy. While the US military has developed a comprehensive and rigorous cyber training program for its personnel, covering topics such as cyber hygiene, threat awareness, incident response, and cyber warfare, Russia’s military cyber training seems to be lacking in depth and effectiveness. A 2019 report by the US Department of Defense Inspector General revealed serious lapses in cybersecurity across multiple US military agencies, and the risks posed by hackers to US Army hospitals and healthcare records. If the US military, which is considered to be one of the most advanced and well-funded in the world, has such gaps and vulnerabilities in its cybersecurity, how much worse is the situation for the Russian military, which has less resources and expertise in this domain?

The cyberattack by Blackjack also raises the question of how Ukraine might use the stolen data to plan covert and strategic operations against Russian bases, by analyzing the layout, structure, facilities, security, and vulnerabilities of the sites. The data could provide valuable intelligence and insights for Ukraine’s military and intelligence agencies, as well as its allies and partners, to devise and execute effective and precise attacks on Russia’s military assets and personnel. The data could also be used to expose and undermine Russia’s propaganda and misinformation campaigns, by revealing the true extent and nature of its military involvement and aggression in Ukraine and beyond. Furthermore, the data could be leveraged to deter and dissuade further Russian escalation and provocation, by demonstrating Ukraine’s cyber capabilities and resolve.