Pierluigi Paganini October 29, 2023

IT Army of Ukraine hacktivists have temporarily disrupted internet services in some of the territories that have been occupied by Russia.

Ukrainian hacktivists belonging to the IT Army of Ukraine group have temporarily disabled internet services in some of the territories that have been occupied by the Russian army.

After the invasion of the Crimea and the eastern Ukraine, Ukrainian telecommunications infrastructure was disable by Russian soldiers.

The hacktivists carried out DDoS attacks against the three Russian internet providers “Miranda-media,” “Krimtelekom,” and “MirTelekom.” The IT Army is inviting supporters to joint its operations by installing their software.

“We continue targeting internet and telecom providers to disrupt enemy communications. Today, our intel orchestrated a “thousand proxies” strike, disabling “Miranda-media,” “Krimtelekom,” and “MirTelekom.” This affects not only Crimea but also occupied parts of Kherson, Zaporizhia, Donetsk, and Luhansk regions. Another blow by our cyber army disrupting enemy military communication at the frontlines.” reads the message published by the group IT Army of Ukraine on its Telegram channel.

The Miranda Media ISP announced on Friday that is was facing a massive DDoS attack.

“Digital services operator Miranda-Media has been recording an unprecedented level of DDoS attacks from Ukrainian hacker groups since 9.05 am on October 27, 2023. As a result, there is a temporary unavailability of the services of Miranda-Media, Krymtelecom and MirTelecom.” reads the announcement.

“All technical and IT services of the company have been placed on high alert. All necessary measures are being taken to restore the network’s functionality. We will inform you further about the progress of the work.”

The Russian ISP managed to mitigate the attack by the end of Friday, it partially restored its services on Friday evening.

Telecommunication infrastructure and internet services are critical infrastructure and were targeted by both Russian and Ukrainian threat actors.

The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA).

According to public sources, the threat actors targeted ICS of at least 11 Ukrainian telecommunications providers leading to the disruption of their services.

“According to public sources, for the period from 11.05.2023 to 27.09.2023, an organized group of criminals tracked by the identifier UAC-0165 interfered with the information and communication systems (ICS) of no less than 11 telecommunications providers of Ukraine, which, among other things, led to interruptions in the provision of services to consumers.” reads the advisory published by the CERT-UA.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)