Hackers attack Russian satellite telecom provider, claim affiliation with Wagner Group

The attackers released nearly 700 files associated with the attack.
Activists hold a portrait of Russian President Vladimir Putin near Red Square in Moscow, on June 24, 2023. President Vladimir Putin on June 24, 2023 said an armed mutiny by Wagner mercenaries was a "stab in the back" and that the group's chief Yevgeny Prigozhin had betrayed Russia, as he vowed to punish the dissidents. Prigozhin said his fighters control key military sites in the southern city of Rostov-on-Don. (Photo by NATALIA KOLESNIKOVA/AFP via Getty Images)

Unidentified hackers claimed to have targeted Dozor, a satellite telecommunications provider that services power lines, oil fields, Russian military units and the Federal Security Service (FSB), among others, according to a message posted to Telegram late Wednesday night.

“The DoZor satellite provider (Amtel group of companies), which serves power lines, oil fields, military units of the Russian Defense Ministry, the Federal Security Service, the pension fund and many other projects, including the northern merchant fleet and the Bilibino nuclear power plant, went to rest,” the group’s first message read, according to a translation. “Part of the satellite terminals failed, the switches rebooted, the information on the servers was destroyed.”

The hackers also claimed to have defaced four seemingly unconnected Russian websites with messaging supportive of the Wagner private military company, the Russian mercenary group that made international headlines last weekend as it marched toward Moscow in an astonishing uprising that challenged the power of Russian President Vladimir Putin, before the group stopped short.

The group’s leadership was relocated to Belarus, a staunch Russian ally. Yevgeny Prigozhin, the head of Wagner, also created and funded the Internet Research Agency, a troll farm that the U.S. government sanctioned for its role in the sweeping Russian election interference operations targeting the 2016 U.S. presidential elections and then the 2018 elections.

Belarusian President Aleksandr Lukashenko said he argued against Putin’s contemplation of killing Prigozhin for leading the uprising, and instead brokered the deal to send Prigozhin to Belarus.

The message posted to the defaced websites showed the Wagner insignia, along with a message about the uprising and its results. “We agreed to a peaceful solution because we achieved the main thing — we showed our capabilities and full social approval of our actions,” the message read, according to a Google translation. “But what do we see instead? The current military leadership has not been removed from office, criminal cases have not been closed … You kicked us out of the NWO zone, out of Russia, but you can’t kick us out of the network.”

“We take responsibility for hacking,” the message continued. “This is just the beginning, more to come.”

Screenshot from one of the defaced websites, captured June 29, 2023 (CyberScoop).

The group posted a link to a zip file containing 674 files, including PDFs, images and documents. On Thursday morning, the group also posted three files that appear to show connections between the FSB and Dozor, and the passwords Dozor employees were to use to verify that they were dealing with actual FSB representatives, with one password valid for every two months in 2023, according to a Google translation.

Doug Madory, the director of internet analysis for Kentik, told CyberScoop Thursday that Dozor’s connection to the internet went down at about 10 p.m. ET Wednesday and remains unreachable. One of the routes the company uses was switched to Amtel-Svyaz, Dozor’s Moscow-based parent company.

Amtel-Svyaz could not be reached for comment.

The Wagner Group could not be reached for comment.

Oleg Shakirov, a cyber policy expert and consultant at the Moscow-based PIR Center think tank, tweeted Thursday that “Wagner’s involvement is very unlikely,” and that it looked “like Ukrainian false flag trolling.”

Shakirov told CyberScoop in an online message that “the whole hack and leak looks very real, but it’s not something Wagner does. They don’t have a motive now & no history of such attacks.”