Lengthy disruption of Russian internet provider claimed by Ukrainian hacker group

A Ukrainian volunteer hacker group known as the IT Army has claimed responsibility for a cyberattack on Russian internet provider Lovit that disrupted services in Moscow and St. Petersburg for three days. 

The attack, which began on Friday, also prevented residents of apartment buildings using Lovit’s services from accessing their homes, as it disabled intercom systems. Businesses in affected buildings reported failures in payment terminals and loyalty programs, according to local media reports.

“Lovit crumbled under our pressure. Keep the pressure on. Let’s see how much more ‘resilience’ they’ve got,” the IT Army said in a statement on Monday. The group’s claims could not be independently verified.

Russia’s internet regulator, Roskomnadzor, said the distributed denial-of-service (DDoS) attack originated from servers and botnets across several countries, including the U.S., Germany, Sweden, Finland, the Netherlands, France, Croatia, the U.K. and Russia.

The attack targeted the company’s critical infrastructure and online systems, affecting Lovit’s mobile app, website and user accounts. Roskomnadzor said Lovit was unprepared for such a large-scale incident. As of Monday, the attack was still ongoing, and issues with the company’s services had not been fully resolved, the regulator added.

Lovit is the exclusive internet service provider for apartment complexes developed by Russia’s largest real estate firm, PIK. Lovit has previously faced criticism over its monopolistic position. Russian media reported that residents affected by the cyberattack now plan to file a collective complaint with Russia’s antimonopoly service, alleging that Lovit sets prices above market rates and blocks access to alternative providers.

One Lovit user, identified as Denis, described the impact of the attack to local media: “It’s been three days, and nothing is working — no internet, no intercoms, no cash registers in stores. Complete collapse.”

According to Russian cybersecurity firm Visum, the choice of Lovit as a target was likely deliberate. “It is the sole provider to most newly built residential complexes by PIK, making it possible to inflict maximum damage,” the company told local media, adding that other facilities using Lovit’s network — such as hospitals, schools, and kindergartens — may have also been affected.

Russian internet providers are increasingly targeted by pro-Ukrainian hackers, including the IT Army. According to a recent report by a Russian cybersecurity firm, the number of cyberattacks launched by the IT Army against Russia has risen sharply over the past year, with a growing focus on regional telecom operators.

In January, another pro-Kyiv hacker group, the Ukrainian Cyber Alliance, claimed responsibility for an attack on Russian internet provider Nodex, saying it had destroyed the company’s infrastructure. Nodex later confirmed the breach.

Around the same time, major provider Rostelecom announced it was investigating a suspected cyberattack on one of its contractors after a hacker group called Silent Crow claimed to have leaked thousands of customer emails and phone numbers allegedly stolen from the company.

Earlier in March, Russian telecom company Beeline was hit by a DDoS attack that disrupted its services. The attack on Beeline followed a similar disruption at Russian telecom giant MegaFon in January, which was also attributed to a large-scale DDoS attack. Local cybersecurity experts said the attacks on Beeline and MegaFon rank among the most significant hacktivist cyberattacks targeting the telecom sector this year.

Previous reports by Russian cyber experts indicated that over 30% of all DDoS attacks in Russia targeted telecommunications companies last year, with at least 90% of them attributed to politically motivated threat actors.