A previously unknown group of hackers has taken credit for launching a cyberattack on the Russian satellite communications provider, Dozor-Teleport. This company is utilized by energy firms as well as Russia’s defense and security services. According to Doug Madory, the head of internet analysis at Kentik, Dozor-Teleport has been disconnected from the internet and is currently inaccessible. The outage began at 10 p.m. EST on Wednesday, as reported by the IODA project, which monitors global internet outages. Additionally, Dozor’s website is currently unavailable.
Amtel Svyaz, the parent company of Dozor, also experienced a significant outage on Wednesday. The hackers claim to be affiliated with the Wagner Group, a notorious Russian private mercenary army that recently attracted global attention when it marched toward Moscow in rebellion against the Russian government before returning to their positions. Their commander, Yevgeny Prigozhin, fled to Belarus.
The hack on Dozor has been deemed legitimate by some experts, including Tom Hegel, a threat researcher at SentinelLabs, although the Wagner Group’s involvement has been met with skepticism. The hackers assert that they caused damage to satellite terminals and leaked and destroyed confidential information stored on Dozor’s servers. They have shared 700 files, consisting of documents and images, on a leak site and a newly created Telegram channel.
One of the leaked documents appears to be an agreement granting Russian security services access to subscriber information from Amtel Svyaz, although its authenticity has not been verified by Recorded Future News. Restoring Dozor’s core network could potentially take several days to weeks, and achieving full restoration, including reprogramming user equipment, may require several months.
Dozor has not responded to inquiries regarding the cyberattack. This incident follows the attack on Viasat, another satellite telecommunications service provider, which occurred on the day Russia invaded Ukraine. The Viasat attack disabled the modems of tens of thousands of European customers and posed a significant threat to Ukraine’s defense against Russian forces. However, Viasat’s network is larger than Dozor’s, with only around half of its routers affected.
Furthermore, on Thursday, other Russian websites were defaced, allegedly by the Wagner Group. However, experts, including former Russian journalist Oleg Sharikov, cast doubts on these claims, suggesting they could be “Ukrainian false flag trolling.” Sharikov expressed skepticism about Wagner’s involvement, deeming it highly unlikely.