DDoS incident disrupts internet for thousands in Moscow

Tens of thousands of people in Moscow and nearby areas lost internet access for several days after a major DDoS attack targeted the Russian provider ASVT — an incident the company called one of the most severe of the year.

The attack, first detected on Tuesday, continued into Friday, disrupting ASVT’s mobile app, website and customer accounts. The provider serves mainly large residential complexes, where residents reported being unable to work remotely, pay at local shops using card terminals, or access their buildings due to disabled internet-based intercom systems.

ASVT said it is working with Russian state agencies, including communications regulator Roskomnadzor, to restore services. In a statement on Thursday, the company attributed the attack to the Ukrainian “IT Army,” a pro-Kyiv hacker collective known for targeting Russian infrastructure, although the group has not publicly claimed responsibility.

The incident echoes a similar disruption in March, when another provider, Lovit, was hit by a cyberattack that cut off service to over 200,000 residents in Moscow and St. Petersburg. The IT Army of Ukraine later claimed responsibility for that attack.

Both providers have faced scrutiny not only for cyber vulnerabilities but also for alleged monopolistic practices. Following the Lovit outage, residents of affected apartment blocks accused the company of blocking competitors and charging inflated prices. Russia’s Federal Antimonopoly Service has since launched a probe into Lovit’s business practices and is now looking into ASVT operation.

In addition to residential complexes, ASVT also provides services to government institutions and major enterprises in the Moscow area. It remains unclear whether those customers were affected.

Russian telecom firms have become frequent targets of pro-Ukrainian hackers amid the ongoing war. According to Russian cybersecurity analysts, over 30% of all DDoS attacks in Russia last year targeted telecom companies, with the vast majority believed to be politically motivated.

In January, the collective known as the Ukrainian Cyber Alliance claimed it had destroyed infrastructure belonging to Russian provider Nodex, a breach later confirmed by the company. Around the same time, another hacking group, Silent Crow, claimed to have stolen and leaked customer data from a contractor linked to Rostelecom, Russia’s largest telecom provider.