A senior executive of Dozor-Teleport, the Russian satellite communications provider, has admitted they fell victim to a hacking attack on June 29. The company’s General Director, Alexander Anosov, told Russian tech news website ComNews that the successful attack was aimed at a cloud provider they relied upon:
По предварительным данным, была скомпрометирована инфраструктура на стороне облачного провайдера.
According to preliminary data, the cloud provider’s infrastructure was compromised.
The hackers breached confidential data, releasing 700 files via a website that publicizes leaks and using an all-new channel on Telegram. Independent monitors had already confirmed the attack affected comms connectivity, with Dozor-Teleport estimating it will take at least two weeks to fully restore their core network to normal operation.
Dozor-Teleport provides comms services to energy businesses and Russian security services. The hackers claimed to be affiliated to Wagner, the private army which had been involved in bitter fighting in Ukraine and which briefly rebelled against central control before its leader agreed a deal that involved moving to Belarus. Experts doubted if the hackers had any genuine link to Wagner because none of their messages came via Wagner’s comms channels. However, Anosov claimed that Dozor-Teleport had been attacked because of the way the ‘z’ in the company’s name is presented in its logo; this symbol is commonly associated with support for Russia’s invasion.
И отдельно отметим, что в сети распространяется информация о том, чтобы атака была направлена на оператора связи, предоставляющего услуги для Минобороны. Скорее всего, данный вывод связан с историческим логотипом компании где буква “З” пишется латиницей: “ДоZор”.”
And separately, we note that information is being disseminated saying the attack was directed at a telecom operator providing services for the Ministry of Defense. Most likely, this conclusion is connected with the company’s historical logo, where the letter “Z” is written in Latin: “DoZor”.
This attack mirrors the outage suffered by satellite comms provider Viasat, which was hit by Russian malware at the beginning of the invasion of Ukraine. Viasat’s more extensive network was better able to cope with that attack, but the loss of connectivity still negatively impacted Ukrainians resisting the invasion. As the Ukrainian military is currently ramping up its own offensive, it is easy to see why some are arguing the hackers of Dozor-Teleport were working on behalf of Ukraine.
