Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Russian satellite internet operator taken down by possible Wagner hack

As the political and military fallout continues following the Wagner Group’s aborted mutiny last month, the cyber fallout is extensive as well. A Russian satellite internet operator was recently taken offline by hackers purporting to be affiliated with the private military company (PMC).

user icon David Hollingworth
Tue, 04 Jul 2023
Russian satellite internet operator taken down by possible Wagner hack
expand image

The hackers said in a Telegram post that they had taken down the service and even exfiltrated some data, posting it alongside their message as proof of the operation.

“The Dozor satellite provider (Amtel group of companies), which serves power lines, oil fields, military units of the Russian Defense Ministry, the Federal Security Service, the pension fund and many other projects, including the northern merchant fleet and the Bilibino nuclear power plant, went to rest,” the first post (translated by Google) in the Telegram channel read.

“Part of the satellite terminals failed, the switches rebooted, [and] the information on the servers was destroyed.”

============
============

Dozor-Teleport was confirmed to have suffered a complete disruption to its services on 30 June by internet monitoring service NetBlocks, but the actual source of the hack remains up in the air.

The posted Dozor documents included network diagrams taken from the company’s internal wiki and other internal documents.

The hackers also posted links to a number of websites they had taken over and defaced with pro-Wagner slogans.

“The whole world watched our actions, listened to our every word,” one site still said. “We have shown how easily we can reach Moscow in a day without encountering any resistance.”

The disruption to the satellite service could take weeks or even months to recover from, Russian sources report. For now, the service remains very limited, with frequent outages, according to monitoring by the Georgia Institute of Technology.

Some observers, however, feel this operation was likely a false flag attack by Ukrainian hackers, simply hoping to further confuse matters.

“There’s a new claim that Wagner attacked a satellite internet provider called Dozor, reportedly used by Russian mil, security agencies, etc.,” said cyber and foreign policy commentator Oleg Shakirov in a tweet. “Its website is indeed down, and some data has been leaked. But Wagner’s involvement is very unlikely.”

The takedown of the satellite operator is just one facet of the cyber fallout from the failed putsch. Yevgeny Prigozhin, the Wagner Group chief, also operated a number of media outlets under his publishing company Patriot Media. The Federal Service for Supervision of Communications, Information Technology and Mass Media, aka Roskomnadzor, has now blocked all of them, and staff have been told a new owner is being sought. According to the independent Russian-language news site The Bell, employees have been told that they should “write letters of resignation of their own free will”.

“I am announcing our decision to close down and to leave the country’s information space,” Yevgeny Zubarev, director of Patriot Media’s RIA FAN news agency, said in a video posted on social media.

Prigozhin’s Internet Research Agency has also been shut down. The agency — also called “the troll factory” — took part in extensive pro-Russian influencing operations on social media, including attempts to influence recent US elections.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.