20.5k unique visitors in the last 3 days

Russian Satellite Comms Operator Admits Outage and Breach Caused by Cloud Hackers

Dozor-Teleport said it may take weeks to fully recover. The hackers said they supported the Wagner rebellion.

A senior executive of Dozor-Teleport, the Russian satellite communications provider, has admitted they fell victim to a hacking attack on June 29. The company’s General Director, Alexander Anosov, told Russian tech news website ComNews that the successful attack was aimed at a cloud provider they relied upon:

По предварительным данным, была скомпрометирована инфраструктура на стороне облачного провайдера.

According to preliminary data, the cloud provider’s infrastructure was compromised.

The hackers breached confidential data, releasing 700 files via a website that publicizes leaks and using an all-new channel on Telegram. Independent monitors had already confirmed the attack affected comms connectivity, with Dozor-Teleport estimating it will take at least two weeks to fully restore their core network to normal operation.

Dozor-Teleport provides comms services to energy businesses and Russian security services. The hackers claimed to be affiliated to Wagner, the private army which had been involved in bitter fighting in Ukraine and which briefly rebelled against central control before its leader agreed a deal that involved moving to Belarus. Experts doubted if the hackers had any genuine link to Wagner because none of their messages came via Wagner’s comms channels. However, Anosov claimed that Dozor-Teleport had been attacked because of the way the ‘z’ in the company’s name is presented in its logo; this symbol is commonly associated with support for Russia’s invasion.

И отдельно отметим, что в сети распространяется информация о том, чтобы атака была направлена на оператора связи, предоставляющего услуги для Минобороны. Скорее всего, данный вывод связан с историческим логотипом компании где буква “З” пишется латиницей: “ДоZор”.”

And separately, we note that information is being disseminated saying the attack was directed at a telecom operator providing services for the Ministry of Defense. Most likely, this conclusion is connected with the company’s historical logo, where the letter “Z” is written in Latin: “DoZor”.

This attack mirrors the outage suffered by satellite comms provider Viasat, which was hit by Russian malware at the beginning of the invasion of Ukraine. Viasat’s more extensive network was better able to cope with that attack, but the loss of connectivity still negatively impacted Ukrainians resisting the invasion. As the Ukrainian military is currently ramping up its own offensive, it is easy to see why some are arguing the hackers of Dozor-Teleport were working on behalf of Ukraine.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email