By Joseph Menn,
Published by The Washington Post, 30 June 2023
A satellite communications system serving the Russian military was knocked offline by a cyberattack late Wednesday and remained mostly down on Thursday, in an incident reminiscent of an attack on a similar system used by Ukraine at the start of the war between the countries.
Dozor-Teleport, the satellite system’s operator, switched some users to terrestrial networks during the outage, according to JD Work, a cyberspace professor at the National Defense University. Analyst Doug Madory of Kentik, which monitors online traffic, said one network was taken over by Dozor’s parent company, Amtel-Svyaz, while three others remained down.
The company did not release a statement on what had gone wrong. At least two groups claimed responsibility for the attack, one describing itself as a hacktivist organization and the other as part of the Wagner Group, the mercenaries who mutinied last week and marched most of the way to Moscow. The hackers claimed to have sent malicious software to the satellite terminals, setting off a scramble among security experts to obtain a terminal for testing.
Multiple self-proclaimed hacktivists have attacked websites and critical infrastructure in Russia and Ukraine since the war began, but many of them coordinate with or are cover for military forces, according to sources familiar with their efforts.
A connection to Wagner could be faked to promote more division in Russia. A real one would be more interesting, showing that the mutinous actions may continue in cyberspace even if they have stopped on Earth.
Though Work said local market researchers estimated that the satellite arm of the company only has $10 million in annual revenue, it serves the Russian military and other federal services. Work said reporting elsewhere showed that its customers include Russian soldiers in Ukraine.
The impact of the shutdown will depend on its duration and whether the customers had other means to communicate that are reliable and secure. For many, satellite communications are the backup, while military units on the move could find it more vital.
“It’s doubtful this is crippling, unless there happened to be customers for whom this is their only connectivity option,” said Brian Weeden, a director at Secure World Foundation, a Washington think tank focused on space issues.
Ukraine has in the past been able to intercept Russian soldiers’ communications when they did not use a satellite service.
Satellite hacks are rare and are disclosed even more rarely. The attack on Viasat service used by the Ukraine military and others in February 2022 has been seen as one of the most successful hacking attacks of the war. SpaceX’s Starlink service became a vital alternative inside the country, and it has withstood multiple hacking attempts since then.
The Viasat hack was attributed by experts to Russia’s military intelligence arm, the GRU. But Wagner mercenaries could have worked closely enough with the GRU to have picked up techniques used in that attack. If so, it would have been easier for them to turn around and use it against Russia’s Dozor.
“There are a variety of scenarios where this capability, in a confused and uncertain post-mutiny environment, could have been brought to the front,” Work said.
A U.S. military spokesperson did not respond to a request for comment. A person familiar with Western operations supporting Ukraine in cyberspace said it was not clear who was behind the latest attack.
See: Original Article