Ukrainian hackers disrupt internet providers in Russia-occupied territories

Ukrainian hackers have temporarily disabled internet services in parts of the country’s territories that have been occupied by Russia.

The group of cyber activists known as the IT Army said on Telegram that their distributed denial-of-service (DDoS) attack took down three Russian internet providers — Miranda-media, Krimtelekom, and MirTelekom — operating in the territories.

“This is yet another blow by our cyber army disrupting enemy military communication at the frontlines,” the hackers said.

Early on Friday, Russian internet operators confirmed that they had experienced an “unprecedented level of DDoS attacks from Ukrainian hacker groups,” temporarily disrupting their operations. The attack affected services such as cellular networks, phone calls, and internet connections.

On Friday evening, Miranda-media reported that it had restored 80% of its services, including those provided by it and two other affected operators for law enforcement agencies, government organizations, and “socially significant services.” The operator’s security experts said that DDoS attacks were “carefully planned by cybercriminals.”

DDoS attacks work by flooding targeted systems with junk traffic, making them unreachable.

On Saturday, internet connections in certain regions of Crimea were still disrupted as operators worked to improve their network resilience.

After occupying parts of eastern Ukraine and the Crimea peninsula, Russia disconnected Ukrainian telecommunications infrastructure there and rerouted internet traffic through Russia's network instead. Ukraine strongly criticized this move, saying that Russia wants to make its propaganda “an uncontested source of information.”

The attacks on Russian internet operators, including those operating in occupied territories, have happened before.

Ukraine's IT Army targeted Crimean internet operators earlier in October, and one of the attacks reportedly disabled surveillance cameras in a city in western Crimea.

“Isolating the peninsula's logistics and infrastructure is crucial for its eventual liberation and to hinder military supplies,” the hackers said.

In July, a previously unknown group of hackers targeted a Russian satellite communications provider, which is used by energy companies, as well as the country's defense and security services.

In Ukraine, telecommunication service providers are also frequently targeted by Russian hackers, according to Illia Vitiuk, the head of the cyber department at the Security Service of Ukraine, known as the SBU.

In a previous interview, Vitiuk told Recorded Future News that Russia recently made a “serious attempt” to breach one of Ukraine's three telecom operators. The Ukrainian cybersecurity services thwarted this attack, but a successful penetration could lead to eavesdropping, and interception of phone calls and messages.

Besides, if one of the providers were to go offline, the other two would be unable to operate as they would become overloaded, Vitiuk explained.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
What is Threat Intelligence
No previous article
No new articles
Daryna Antoniuk

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.