
5 July 2023

Russian satellite comms firm Dozor taken offline by Wagner-affiliated hacker group - report

Dan Swinhoe 

A Russian satellite communications firm was taken down in what is reported to be a cyber attack.

Russian satellite communications provider Dozor-Teleport was taken down yesterday, with a Wagner-affiliated group taking credit.

Dozor-Teleport is reportedly used by Russia’s Ministry of Defense, ships of the Northern Fleet, Russian energy firm Gazprom, remote oil fields, the Bilibino nuclear power plant, the Federal Security Service (FSB), Rosatom, and other organizations.

Internet monitoring firms NetBlocks, Kentik, and Ioda all confirmed the company had been taken offline.

“Confirmed: Metrics show a disruption to satellite internet provider Dozor-Teleport which supplies Russia's FSB, Gazprom, Rosatom, and military installations; the incident comes amid a wave of cyberattacks by a group claiming affiliation with Wagner PMC,” NetBlocks said.

“We can confirm that Russian satellite operator Dozor Teleport (AS41942) left the global routing table at about 02:00 UTC earlier today. It is now unreachable, reportedly due to a cyber attack,” Doug Madory, director of Internet Analysis at Kentik, said yesterday.

Ioda’s monitoring suggests the company is back online, after being fully down for around 16 hours and working at reduced capacity for a further 17 hours.

Kentik's Madory also reported that Amtel Svyaz, parent company of Dozor Teleport, suffered a significant outage beginning at 02:00 UTC on June 29, but is largely operating as normal now.

Founded in 2005, Dozor describes itself as a VSAT fixed satellite communications operator and systems integrator, providing a wide range of telecommunications satellite communications services for enterprises. The company utilizes capacity on four satellites and has communication nodes located in the cities of Moscow, St. Petersburg, and Krasnoyarsk.

The group claiming to be behind the hack says they are affiliated with Russian mercenary firm the Wagner Group.

“PMC Wagner has announced that they have taken down the satellite provider Dozor-Teleport and damaged user terminals. Their rivalry with the RU MoD is manifesting in an unusual way,” said Herm1t, a spokesperson for cyber activist group the Ukrainian Cyber Alliance.

The hackers claim that they damaged some of the satellite terminals and leaked and destroyed confidential information stored on the company's servers. The group posted 700 files, including documents and images, to a leak site, as well as some to their newly created Telegram channel.

The Dozor hack “appears to be legitimate and has indeed had an impact,” Tom Hegel, a threat researcher at cybersecurity firm SentinelLabs, told The Record. Some Russian policy observers, however, are skeptical that the group is actually connected to Wagner.

Cybersecurity firm Cyble has reported a new strain of ransomware – based on a variant of Chaos ransomware – that also claims to be affiliated with Wagner.

The Yevgeny Prigozhin-led state-funded paramilitary group Wagner has long been seen as Putin’s private army and has been involved in a number of conflicts globally. After months of fighting in Ukraine, the group this week rebelled against perceived mismanagement by Russian defense officials, took control of the Russian city of Rostov-on-Don, and began marching towards Moscow. After a purported intervention by Belarusian president Alexander Lukashenko, the group ceased marching towards the Russian capital, with Prigozhin and Wagner soldiers reportedly relocating to Belarus.

Last year, pro-Ukrainian hacker group One-First said they penetrated Gonets, a Russian low Earth orbit (LEO) satellite communications network, via the company’s customer management system.

In March, NB65, a group of hackers affiliated with Anonymous, said they disrupted Russia’s vehicle monitoring system by targeting Russian space agency Roscosmos.

Last year, in the wake of Russia’s invasion of Ukraine, satellite operator Viasat was taken offline by what it says was a “multifaceted and deliberate” cyberattack.

SpaceX’s Starlink service has been heavily utilized by Ukraine during the conflict due to damage caused to its terrestrial networks.
