Russian Satellite Internet Downed via Attackers Claiming Ties to Wagner Group

Attribution for the cyberattack on Dozor-Teleport remains murky, but the effects are real — downed communications and compromised data.

Dark Reading Staff, Dark Reading

July 3, 2023

2 Min Read
Wagner Group patch and logo
Source: Nikolay Vinokurov via Alamy Stock Photo

Russian satellite Internet provider Dozor-Teleport was knocked offline in the early hours of June 29, dealing a communications blow to the company's customers, which according to reports include Russian military and energy interests.

The Wagner Group, the mercenary army once fighting for Russia, and now seemingly turned against Putin's government, claimed it was behind the cyberattack against the satellite communications provider. But experts aren't convinced.

Russian reports say full recovery of Dozor-Teleport could take up to two weeks. The company's general director Alexander Anosov confirmed the breach to Russian media, adding that early investigations show the company was breached through a third-party cloud provider.

The threat actors behind the compromise explained on Telegram they were able to deliver malware to several satellite terminals to take them offline, reports said. For additional proof, the threat actors posted internal data stolen from the Dozor-Teleport network.

"The whole world watched our actions, listened to our every word. We showed how easily we can reach Moscow in a day without meeting any resistance," the cyber attackers said in their Telegram message.

The reference seems to add to the narrative that the cyberattack was launched by Wagner Group, which, under the command of the now-exiled Yevgeny Prigozhin, marched on Moscow in protest of the Putin government's execution of the Russian invasion of Ukraine.

Was This a False Flag?

But the Wagner Group's Telegram channel has made no mention of the cyberattacks so far, according to reports on the incident.

Cybersecurity and international relations expert Oleg Shakirov has been monitoring the breach and assessed in a June 29 tweet that "Wagner's involvement is very unlikely."

He instead suspects the Dozor-Teleport compromise is the work of the Ukrainian military. "Some Russian websites have also been defaced presumably on behalf of Wagner (disgruntled that Russia didn't fulfill its part of the bargain)," Shakirov added. "But again this looks like Ukrainian false flag trolling."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights