Russian telecom Beeline facing outages after cyberattack

Some Russians had their internet disrupted on Monday due to a targeted distributed denial-of-service (DDoS) attack on the telecom Beeline — the second major attack on the Moscow-based company in recent weeks.

Beeline confirmed the attack to local media following reports from several outage-tracking services and user complaints. The provider has more than 44 million subscribers. 

Data from the internet monitoring service Downdetector indicates that most Beeline users in Russia faced difficulties accessing the company’s mobile app, while some also reported website outages, notification failures and internet disruptions.

Russia’s communications watchdog, Roskomnadzor, reported that subscribers in Moscow and surrounding regions had filed mass complaints over connectivity issues following Monday’s incident.

Beeline stated in a comment to state news media that its specialists had identified the issue and taken measures to stabilize services. The company did not provide further details on the scope or impact of the attack.

Earlier in February, a similar attack caused widespread disruptions to Beeline, bringing down the company’s website and mobile application while also affecting home and mobile internet services.

The attack on Beeline follows a similar disruption at Russian telecom giant MegaFon in January, which was also attributed to a large-scale DDoS attack. A cybersecurity source cited by Forbes Russia said the attack on Beeline in February and the earlier MegaFon incident rank among the most significant hacktivist cyberattacks targeting the telecom sector this year.

“Both attacks were multi-vector and large-scale. The volume of malicious traffic was identical, but MegaFon faced an attack from 3,300 IP addresses, while Beeline was targeted via 1,600, resulting in a higher load per IP address,” the source told Forbes.

​​Beeline was previously owned by Veon, a Netherlands-based company that also owns Ukraine's Kyivstar. Following the invasion of Ukraine, Veon began divesting its Russian operations and sold its Russian assets, including Beeline, as part of its exit strategy. 

In 2023, Kyivstar suffered one of the largest Russia-linked cyberattacks, disrupting services for several days. Veon estimated the attacks cost nearly $100 million.

The attack on Beeline comes amid a broader wave of cyber incidents in Russia’s telecommunications sector.

In January, major provider Rostelecom announced it was investigating a suspected cyberattack on one of its contractors after a hacker group called Silent Crow claimed to have leaked thousands of customer emails and phone numbers allegedly stolen from the company.

Around the same time, the Ukrainian Cyber Alliance claimed responsibility for an attack on Russian internet provider Nodex, saying it had destroyed the company’s infrastructure overnight. Nodex later confirmed the breach.

In November, one of the largest integrators in the Russian telecommunications market, Rapporto, also reported a cyberattack on its infrastructure.

Previous reports by Russian cyber experts indicated that over 30% of all DDoS attacks in Russia targeted telecommunications companies last year, with at least 90% of them attributed to politically motivated threat actors.