MOSCOLLECTOR TAKEDOWN - 9th of April 2024

Russia's Industrial Sensor and Monitoring Infrastructure has been disabled: moscollector.ru
Hacked data is available at https://ruexfil.com/mos

It includes Russia's Network Operation Center (NOC) used to monitor and control gas, water, fire alarms
and many others, including a vast network of remote sensors and IoT controllers. A total of 87,000
sensors have been disabled.

Milestones:
- Initial access June 2023.
- Access to the 112 Emergency Service.
- 87,000 sensors and controls have been disabled (including Airports, subways, gas-pipelines, ...).
- Fuxnet (stuxnet on steroids) was deployed earlier to slowly and physically destroy sensory equipment
  (by NAND/SSD exhaustion and introducing bad CRC into the firmware). (YouTube Video 1, YouTube Video 2).
- Fuxnet has now started to flood the RS485/MBus and is sending 'random' commands to 87,000 embedded
  control and sensory systems (carefully excluding hospitals, airports, ...and other civilian targets).
- All servers have been deleted. All routers have been reset to factory settings. Most workstations (including
  the admins' workstations) have been deleted.
- Access to the office building has been disabled (all key-cards have been invalidated).
- Moscollector has recently been certified by the FSB for being 'secure & trusted' (picture included).
- Defaced the webpage (https://web.archive.org/web/20240409020908/https://moscollector.ru/)

The media pack, screenshots and videos are available here: https://ruexfil.com/mos/takedown (.onion)

It contains:
- GPS coordinates of all 87,000 sensors
- Database of their internal and secure Messaging Platform (Dialog; used by Moscollector employees).
- Screenshots of the Network Operation Centre
- Screenshots of servers, routers, databases, ...
- Screenshots of maps, blueprints of buildings, ... etc etc
- Screenshots accessing their domain registrar
- Screenshots of FuxNet source code and mode of operation
- Video of FuxNet deploying and disabling the sensors
- Selected dumps of their firewall and router configs.


The Op was conducted by BlackJack.

--- After takedown report, 9th of April 19:58 UTC
- About 1,700 sensor routers were destroyed. The central command-dispatcher and database have been destroyed.
  => All 87,000 sensors are offline
- Key-cards to enter the office and server rooms have been invalidated
- All databases have been wiped.
- All mail has been wiped.
- A total of 30TB of data has been wiped, including the backup drives.
- Zabbix and other internal staging and monitoring servers have been wiped.
- All admin workstations and most user workstations have been wiped.
- Exhausted the corporate credit card.
- Took control of their domain "moscollector.ru".
  => Our server stats: WEB Traffic, Email Traffic
- Took down their Firewall and disabled their Internet.
- Webpage has been defaced: https://web.archive.org/web/20240409020908/https://moscollector.ru/
- Took over their Facebook: Blackjack Was Here, Slava Ukraini
- Disabled 566 of their SIM cards / phones.
- Data published at https://ruexfil.com/mos/takedown.
--- Addendum, 15th of April 13:47 UTC
- The fine people at Team82 wrote a report on FuxNet
- Updated https://ruexfil.com/mos/takedown/post-hack-update with all 2,659 IPs of the sensor-gateways
  that were attacked. The list comes from bash_history, smvu and smvu2 databases found
  on various hosts of the target.
- About 1,700 of the sensor-gateways were reachable and successfully attacked.
- Uploaded some more screenshots about the multi-arch FuxNet binary and the Meter-Bus fuzzer/flooder.
- We disabled smsd and all other means to reboot the sensor-gateways. Thus the sensor-gateways
  will keep flooding the Meter-Bus until somebody physically turns off the gateways.
- The most under-reported dataset is the GPS coordinates of all sensors.
  It shows sensors with GPS coordinates in and around the Kremlin and sensors in other cities (not just Moscow).