Russian satellite telecom Dozor hit by hackers

Dozor-Teleport, a Russian satellite communications provider used by the country’s Ministry of Defense and security services, was hit by hackers aligned with the private military corporation (PMC) Wagner.

Attackers targeted the satellite communication provider’s infrastructure, damaging user terminals. According to a pro-Ukrainian hacker and malware historian Herm1t, attackers could’ve severely damaged client equipment and the network core.

According to the Internet Outage Detection and Analysis (IODA) project, run by the Internet Intelligence Research Lab, the Dozor network has been down for 14 hours since 02:00 AM UTC to approximately 4 PM UTC on June 29.

We contacted Dozor-Teleport for comment but did not receive a reply before publishing this article. The company’s website was unresponsive at the time of writing this article.

According to Herm1t, Dozor-Teleport is used by Russia’s Ministry of Defense, ships of the Northern Fleet, the Federal Security Service (FSB), Rosatom, and other organizations. The network is also used by users in remote areas, such as tankers of Russia’s energy companies like Gazprom.

Meanwhile, users on Telegram channel managed by Herm1t, RUH8, noted that the attack mirrors Russia’s cyberattack on Viasat’s satellites on the night of the February 24th, 2022, invasion.

Viasat’s officials said the cyberattack was done by compromising and exploiting systems that manage customer terminals. The incident affected tens of thousands of terminals across Europe, demonstrating the dangers of relying on communications on commercial satellites.

“Finding firmware for satellite modems and switches when you are sailing on a Gazprom tanker in the middle of the ice will not be easy,” a user said on RUH8 Telegram, adding that it can take from days to weeks to restore the connection.

Interestingly, the culprits behind the attack try to portray themselves as associated with Yevgeny Prigozhin-led PMC Wagner, which recently attempted a march on Moscow. Earlier this week, researchers discovered a ransomware strain called Wagner ,that infects user devices and invites them to join the PMC Wagner.

wagner message 2
Alleged message from PMC Wagner on the defaced websites. Image by Cybernews.

The attackers supposedly defaced several Russian websites, publishing a message from the PMC Wagner claiming responsibility for the attacks. However, the Telegram page of the supposed attackers is not the same one used by PMC Wagner.

If confirmed, the attack would not be the first time hackers targeted Russian satellite networks. Last year, pro-Ukrainian hackers said they penetrated Gonets, a Russian low Earth orbit (LEO) satellite communications network, deleting a database that was crucial to its functioning.

Meanwhile, a group of hackers affiliated with Anonymous, NB65, said they disrupted Russia’s vehicle monitoring system by targeting Roscosmos, the Russian space agency.

Updated on June 30th [11:50 AM GMT].