Start your day with intelligence. Get The OODA Daily Pulse.

Home > Analysis > New Hacking Group Takes Down Russian Telecom Satellite in Support of Prigozhin’s Wagner Group

New Hacking Group Takes Down Russian Telecom Satellite in Support of Prigozhin’s Wagner Group

Last weekend, the primary risk awareness variable we encouraged our readership to track based on the recent events in Russia was the following:

The information threat vectors and cyber attack surface have been expanded:  Be on the lookout for how recent events have ginned up the tactical and strategic activity of Advanced Persistent Threats (APTs) and non-state cyber actors in the field – on all sides of this multi-sided hybrid conflict. Early last week, before the events in Russia, White House Deputy National Security Adviser Anne Neuberger at the FT Cyber Resilience Summit in Washington, voiced concern that Ukraine is already experiencing a ‘surge’ in cyberattacks as it executes counteroffensive.  Watch this space.”

Yesterday, a new, unidentified non-state actor hacking operation hit a Russian telecom satellite in support of the Wagner Group. 

A summary of this development as reported by our friends over at The Record:

“Hackers claim to take down Russian satellite communications provider. Here’s what you need to know:

1. A group claiming affiliation with the Wagner Group, a Russian private mercenary army, has taken responsibility for a cyberattack on Dozor-Teleport, a Russian satellite communications provider. This attack has disrupted the internet connectivity of Dozor-Teleport, impacting energy companies and the country’s defense and security services.

2. The hackers behind the attack have allegedly damaged satellite terminals and leaked and destroyed confidential information stored on Dozor-Teleport’s servers. They have posted 700 files, including documents and images, to a leak site.

3. The restoration process for Dozor-Teleport’s core network could take from a few days to several weeks, with full restoration potentially taking several months. This cyberattack follows a similar breach on Viasat, another satellite telecommunications service provider, during Russia’s invasion of Ukraine. Both attacks raise concerns about the vulnerability of satellite infrastructure and the potential threat they pose to national security.” (1)

A full report can be found at: Hackers Claim to take down Russian satellite communications provider

Cybernews.com also has some early reporting: Russian satellite telecom Dozor allegedly hit by hackers

What Next? 

In the end, this level of uncertainty and instability  – with a nuclear arsenal at the center of it all – is a high-risk global scenario for all markets, businesses, nation-states, and geopolitics futures. 

Your organization should be tracking these events at the macro level on a consistent basis.  We are here to help.  Consider: 

  • Based on the satellite hacking activity at the start of the conflict in Russia and this current incident, satellite (and space) infrastructure and security have emerged as a strategic priority for competitive advantage and national security.  At the end of this post, you will find some insights and recommendations for business leaders about the future of this threat vector and attack surface. 
  • Our recent insights were based on our tracking of the amount of non-state actor cyber activity at the onset of this conflict – specifically, activity by Anonymous and non-state actors in Russia (which are basically agents of the state  – but are structured for plausible deniability by the Russian State).  
  •  The U.S. will never publicly own an offensive cyberwar stance in its conflict.  But the U.S. and Israel pulled off Stuxnet in the end.  This unidentified, new hacking group?  Is it the equivalent of non-state actors somewhere in the world –  which are basically agents of the state – but are structured for plausible deniability by the Ukrainian State and/or the U.S. State?
  • And even if it is not Ukraine or the U.S. behind this cyber incident, how soon before Putin weaponizes the allegation that it is Ukraine and the U.S. in the disinformation warfare ecosystem?  
  • Never underestimate the sophistication of the white-collar, brain drain out of Moscow in the last 7 months.  Where are those Russian engineers and computer scientists logged in  – and working against the Russian state via cyber?  
  • There have been two working definitions that have framed how this conflict was always going to be fundamentally different than previous conflicts:
    • Hybrid Warfare:  Frank Hoffman, a professor at the National Defense University, defines hybrid warfare as “transcending traditional notions of one military confronting another by incorporating conventional and unconventional forces, information warfare such as propaganda, as well as economic measures to undermine an enemy.” (2
    • The Gerasimov Doctrine, named after the Chief of the General Staff of the Russian Armed Forces Army General Valery Gerasimov, is a pseudo-military doctrine created by the Western media and some Russian analysts. Gertasimov was a central figure last week in the internal power struggle in Russia between the Wagner Group and the Russian military. It is based on Gerasimov’s views about American contemporary warfare, putting interstate conflict and warfare on a par with political, economic, informational, humanitarian and other non-military activities.  It became known after Mark Galeotti coined the term in his blog “In Moscow Shadows”[10] and the invasion and annexation of Crimea by Russia in 2014. Some Western analysts were convinced that the Russian actions reflected the “Gerasimov Doctrine”[1] helping to spread the term and making it a buzzword. (3)

With these frameworks in mind: 

  • “Hybrid” now includes a shocking transcendence of “traditional notions of one military confronting another by incorporating conventional and unconventional forces.”
  • Consider recent events:  Satellite hacking by a new, unidentified hacking group on behalf of a mercenary force that just a few days ago orchestrated a coup that came within 200 miles of Moscow. 
  • These events really expand the spectrum of possibilities once comfortably accommodated by “hybrid warfare” and the “Gerasmimov Doctrine.” 
  • As a result, cognitive biases and a failure of imagination are really high-risk behaviors right now. 
  • Bilyana Lilly’s post yesterday is more prescient than ever  – Russian Cyber War: An Elite Russian Hacker Spells Out His Vision for “Information Confrontation in World Politics”

We also encourage OODA Loop members to analyze hybrid warfare and gray-zone tactics and consider providing innovative solutions based on the following assessment of your company’s capabilities and core competencies:

  • Does your company offer influence campaign awareness and sense-making, disinformation research, ransomware detection, behavioral analysis, and advanced threat analytics using machine learning, decision analysis, high-frequency trading risk mitigation, geospatial data, and analytics, geospatial situational awareness datasets (mobile, satellite), forensic accounting, or bitcoin and blockchain innovation?
  • Does your company provide products, services, solutions, or platforms that answer questions about geopolitical events, demographics, and/or national security using proprietary sources of data and artificial intelligence? If so, do your solutions mitigate the risk of any of the specific threats created by hybrid warfare and a gray-zone military tactical context?

https://oodaloop.com/archive/2022/05/12/with-viasat-satellite-hack-officially-attributed-to-russia-by-us-and-eu-allies-what-next-for-satellite-security/

https://oodaloop.com/archive/2022/03/22/cyber-attack-against-satellite-calls-into-question-satellite-security/

https://oodaloop.com/archive/2022/04/18/four-urgent-actions-for-the-c-suite-to-prepare-for-high-end-cyberattacks/

https://oodaloop.com/archive/2022/02/25/anonymous-wages-war-on-russia/

`

https://oodaloop.com/archive/2021/12/14/when-in-the-gray-zone-with-vladamir-putin-in-ukraine-dod-and-ic-hybrid-warfare-innovation-will-prove-vital/

https://oodaloop.com/archive/2019/07/17/ooda-special-report-the-kinetic-potential-of-russian-cyber-war/

https://oodaloop.com/archive/2022/06/29/lessons-on-the-future-of-cyberwar-from-russia/

https://oodaloop.com/archive/2023/04/19/ukraine-is-a-master-class-in-cyber-defense-and-a-real-time-ai-accelerator/

https://oodaloop.com/archive/2023/03/24/after-meeting-in-moscow-will-xi-and-putin-combine-it-armies-and-ict-driven-hybrid-warfare-efforts-against-the-west/

https://oodaloop.com/archive/2023/01/04/time-to-reconsider-the-how-state-actors-are-defined-in-cyberspace/

https://oodaloop.com/archive/2022/10/05/russias-cyber-attacks-in-ukraine-is-less-about-testing-new-attacks-and-all-about-regime-survival/

https://oodaloop.com/archive/2023/01/05/ooda-loop-2022-space-and-the-future-of-national-security-and-cybersecurity/

https://oodaloop.com/archive/2022/06/13/optical-communications-innovation-and-laser-satellites-are-the-future-of-space-communications/

https://oodaloop.com/archive/2021/08/09/what-the-c-suite-needs-to-know-about-a-return-to-great-power-competition-and-dod-capabilities-per-the-congressional-research-service/

Tagged: cyberwar Russia
Daniel Pereira

About the Author

Daniel Pereira

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.