The Incident

In June 2023, the russian satellite communications provider Dozor-Teleport suffered a large-scale cyberattack. The company’s website was defaced, its network partially disappeared from global routing tables, and thousands of satellite terminals were knocked offline. Hundreds of internal documents were leaked, confirming the scale and authenticity of the breach.

This was not just a hit against a private telecom company. Dozor-Teleport’s clients included russia’s Ministry of Defense, the FSB, and the Northern Fleet - meaning the attack struck at the heart of military and intelligence communications.

‍

Claim of Responsibility

Two years later, the Ukrainian hacktivist group RUH8 published a statement on their Telegram channel, declaring themselves responsible. RUH8, founded in 2014, is one of Ukraine’s oldest hacktivist group, known for their sardonic motto: “russia has two problems. Will you be the third?”

‍

‍

In a later interview, group member Sean Townsend drew a direct comparison with russia’s attack on the European operator Viasat in February 2022:

‍

“russian hackers disabled Viasat, which was used by the Ukrainian army. We hit them back by hacking Dozor-Teleport, which served the FSB, the Ministry of Defense, and more than 3,000 ground stations.”

‍

Still, responsibility claims in the cyber domain should always be treated with caution. Attribution is often murky, and public “confessions” can be part of information warfare, aimed at misdirection or psychological pressure.

‍

Assessment and Implications

The Dozor-Teleport breach was a mirror move. Just as russia exploited vulnerabilities in Viasat to disrupt Ukrainian military communications, Ukrainian hacktivists responded by targeting russia’s own satellite backbone.

The attack underscored the fragility of space-based communication. Despite their high-tech image, satellite networks can be crippled through relatively simple entry points: compromised routers, exposed admin panels, or mass terminal resets. The result is not only service disruption for thousands of users but also strategic paralysis for military and government clients.

‍

A cyber analyst from SentinelLabs, commenting at the time, noted:

‍

“Dozor wasn’t just a telecom provider - it was a node in russia’s command-and-control ecosystem. Shutting it down, even temporarily, is the kind of impact usually reserved for kinetic strikes.”

‍

For russia, the incident was a reputational blow: a supposedly secure military-grade provider was proven vulnerable. For Ukraine, whether the RUH8 claim is fully accurate or partly amplified, the message was unmistakable - Moscow’s networks are not untouchable.

‍

Other Ukrainian Hacktivist Operations After 2022

The Dozor-Teleport operation was part of a wider campaign of hacktivist activity since the start of the full-scale war. Among the most notable cases:

- March 2022‍

A massive leak from Roskomnadzor (russia’s media regulator) exposed over 360,000 internal files. While Anonymous initially claimed credit, Ukrainian activists were believed to have contributed.

- July 2022‍

The Cyber Resistance collective claimed access to FSB email accounts, publishing documents linked to russian operations in occupied Crimea.

- 2023‍

A wave of breaches targeted russian defense contractors and energy companies, including Rostec. Gigabytes of emails and technical files appeared in public repositories, though without clear attribution.

- 2024‍

A disruption at Sberbank resulted in leaked internal guidelines and portions of client data. No group officially took responsibility, but analysts linked the incident to Ukrainian hacktivists.

- Early 2025

The compromise of Rostelecom’s mail servers led to widespread publication of internal correspondence. Again, no group stepped forward, but open-source investigators pointed to Ukrainian involvement.

‍

Final Thoughts

The Dozor-Teleport hack should be seen not as an isolated stunt but as a milestone in an evolving cyber battlefield. What once looked like sporadic pranks or “symbolic hacks” has matured into systematic campaigns with tangible strategic effects.

Satellite operators, financial giants, ministries - all are now legitimate targets. If the Viasat hack in 2022 demonstrated russia’s offensive reach, then Dozor-Teleport in 2023 marked Ukraine’s capacity to retaliate in kind. The symmetry is striking, and it suggests a dangerous future: a cyber arms race extending deep into space infrastructure.

Looking ahead, it’s likely that satellite communications will remain high on the target list. The next logical step could be not just temporary outages but long-term sabotage - firmware-level attacks, destructive wipers for terminals, or even manipulation of orbital systems themselves.

The message of RUH8, regardless of the full truth behind their claim, is clear: in this war, the digital front is as real and consequential as the physical one. And the game of satellites, as one activist put it, “can be played by two.”

‍

‍_{Author: Nessa, Cyber Journalist}

_{Photo: Ukrainian Cyber Alliance}

‍

‍