Hackers claim to take down Russian satellite communications provider
A group of previously unknown hackers has claimed responsibility for a cyberattack on the Russian satellite communications provider Dozor-Teleport, which is used by energy companies and the country's defense and security services.
Doug Madory, the head of internet analysis at the network monitoring company Kentik, confirmed to Recorded Future News that Dozor-Teleport has been disconnected from the internet and is currently unreachable.
Confirmed: Metrics show a disruption to satellite internet provider Dozor-Teleport which supplies Russia's FSB, Gazprom, Rosatom and military installations; the incident comes amid a wave of cyberattacks by a group claiming affiliation with Wagner PMC pic.twitter.com/rSoRyUFsWm — NetBlocks (@netblocks) June 29, 2023
The network has been down since 10 p.m. EST on Wednesday, according to the IODA project, which tracks internet outages worldwide. The company’s website is also down at the time of writing.
Dozor’s parent company, Amtel Svyaz, also suffered a significant outage late on Wednesday, according to Madory.
The group behind the hack claims to be affiliated with the notorious Wagner Group, the Russian private mercenary army that made global headlines last week when it marched toward Moscow to rebel against the Russian government before returning to its positions. Its commander, Yevgeny Prigozhin, fled to Belarus.
There was no mention of the hack on the official Telegram channel of the Wagner Group and several experts expressed skepticism that the group was involved.
Nonetheless, the Dozor hack “appears to be legitimate and has indeed had an impact,” said Tom Hegel, a threat researcher at cybersecurity firm SentinelLabs.
The hackers claim that they damaged some of the satellite terminals and leaked and destroyed confidential information stored on the company's servers. The group posted 700 files, including documents and images, to a leak site, as well as some to their newly created Telegram channel.
One of the documents reveals a purported agreement that grants Russian security services access to subscriber information from Amtel Svyaz. Recorded Future News was unable to verify the authenticity of these documents.
If the claims about damage to Dozor services are true, the process of restoring the core network could span from a few days to several weeks, while reprogramming user equipment and achieving full restoration may take several months, according to Sean Townsend, the spokesperson for the Ukrainian Cyber Alliance, who is also known online as "Herm1t."
Dozor did not respond to inquiries about the attack.
The cyberattack on Dozor would be the second major breach of a satellite telecommunications service provider, following the attack on Viasat, which occurred on the day Russia invaded Ukraine. The Russian attack on Viasat disabled the modems of tens of thousands of European customers and posed a serious threat to Ukraine as it prepared to defend itself against Russian forces.
Viasat’s network is much larger than Dozor’s, however, and only about half of its routers went down, Madory told Recorded Future News.
On Thursday, other Russian websites were defaced, allegedly by the Wagner Group — another claim met with doubts from experts, including former Russian journalist Oleg Shakirov, who said both campaigns could be “Ukrainian false flag trolling.”
“Wagner’s involvement is very unlikely,” he said.
Some Russian websites have also been defaced presumably on behalf of Wagner (disgruntled that Russia didn't fulfill its part of the bargain). But again this looks like Ukrainian false flag trolling pic.twitter.com/NSRL1Fsxte — Oleg Shakirov (@shakirov2036) June 29, 2023
Updated June 30 with information about the Amtel Svyaz outage.
Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.