Russian telecom confirms hack after group backing Wagner boasted about an attack

Russian telecom confirms hack after group backing Wagner boasted about an attack

The Russian satellite telecom company that hackers targeted this week in a claimed effort to support the Wagner paramilitary group confirmed the cyberattack on Friday, according to a Russian technology publication. The satellite company provides internet and other communication services that support state agencies such as Moscow’s main intelligence agency.

Alexander Anosov, the general director of the satellite company Dozor-Teleport CJSC and the first deputy general director of its parent company, Amtel-Svyaz, told a Russian information technology news outlet that the company was indeed infiltrated, and that preliminary information suggested that “infrastructure on the side of the cloud provider was compromised,” according to a Google translation.

ComNews, the publication that reported Anosov’s confirmation, reported that it “may take up to to weeks to restore the network to full operation.” The story did not offer additional detail to the severity or scale of the attack but said more information would be published on Monday.

News emerged late Wednesday into Thursday that the company had been targeted by a group claiming affiliation to the PMC Wagner, the private military company run by Victor Prigozhin. Along targeting the company and leaking nearly 700 files, the hackers defaced several websites and put up Wagner-related messages and a video.

Oleg Shakirov, a cyber policy expert and consultant at the Moscow-based PIR Center think tank, tweeted Thursday that “Wagner’s involvement is very unlikely,” and that it looked “like Ukrainian false flag trolling.”

The Wagner group did not respond to a request for comment and has not posted about the alleged connection to the hack in its widely followed Telegram channel. In the days since Prigozhin led his private military on an uprising and threatened to kill the head of the Russian military, his company, which includes the notorious Internet Research Agency troll factory, has faced major setbacks. Prigozhin announced the “liquidation” of Patriot Media, his company that had “dozens” of “news” sites, Meduza reported Friday.

The article also implied that the company was targeted because it uses a Latin-alphabet “Z” in its name, rather than the Cyrillic “З”. Anosov said that the company’s use of the “Z” could lead some to think that it works with the Russian Ministry of Defense. The symbol “Z” has become a symbol of the Russian invasion of Ukraine.

Sean Townsend, a spokesperson for the loose collective of hackers and various hacking groups in Ukraine known as the Ukrainian Cyber Alliance, tweeted screenshot of text from one of the files dumped by the hackers shows multiple references to its work with the Ministry of Defense.

AmtelSvyaz said that they do not work with MoD RU. “МО РФ” in the stations list (highlighted) means “MoD RU”, btw, they confirmed the attack, they also serve occupied territories pic.twitter.com/JgX9fRkzXo

— herm1t (@vx_herm1t) June 30, 2023

The file, which is a spreadsheet titled “stations,” also shows that the Moscow-based company has infrastructure in the occupied areas of Ukraine, including near the Zaporizhzhia Nuclear Power Station, Townsend told CyberScoop Friday.

The post Russian telecom confirms hack after group backing Wagner boasted about an attack appeared first on CyberScoop.