DDoS attacks on telecom operators in Russia

DDoS attacks in Russia

Main article: DDoS attacks in Russia

2025

The largest provider of Krasnoyarsk, Orion Telecom, was subjected to a DDoS attack. Subscribers were left without the Internet

Orion Telecom was subjected to a powerful DDoS attack on the night of June 12, 2025, as a result of which subscribers from the Krasnoyarsk Territory, Khakassia and the Irkutsk Region lost access to the Internet and television. The network and server infrastructure of the provider was disabled by cybercriminals, which led to a large-scale failure in the operation of telecommunications services. Read more here.

Internet provider "ASVT" was subjected to a cyber attack with a capacity of 70.07 Gbps

The ASVT Internet provider was subjected to a large-scale DDoS attack with a capacity of 70.07 Gbps, due to which some of the company's customers had problems with network access. The attack was recorded at the end of May 2025 at 10:19 and led to interruptions in the operation of Internet services from the operator's subscribers. This was announced by Roskomnadzor. Read more here.

2024

The number of DDoS attacks on Russian telecom in 2022-2024 increased by 75%

The increase in the number of DDoS attacks on telecom operators in Russia for the period from 2022 to 2024 amounted to 75%. Both power and the scale of cyber attacks aimed at key elements of telecommunications infrastructure have significantly increased. This was announced in June 2025 by the general director of MSK-IX Evgeny Morozov, noting the increase in threats against the industry.

According to Kommersant, the average duration of DDoS attacks remains consistently high - about four hours. Morozov noted that over the past three years, the number of attacks has grown multiply.

𝓲

Фото: Freepik

The CEO of MSK-IX said that the dynamics and power of attacks on telecommunications infrastructure is growing. Cyberattacks are becoming more and more multi-vector, which complicates their reflection. Morozov stressed the need to develop new safety rules and control the provision of services. Telecom operators are forced to adapt to the new realities of cyber threats.

Over the past three years, the public sector and fintech have been able to move forward on cybersecurity issues after facing an increase in cyber attacks. Companies in these sectors have strengthened protective measures and monitoring systems. Logistics and retail sectors remain in the area of ​ ​ increased risk. These industries have not yet reached the level of security of the public sector and fintech.

The main types of DDoS attacks on Russian telecom include:

• L7 attacks on applications and protocols.
• Multi-vector carpet attacks on multiple IP addresses.
• Attacks using 5G routers.
• IoT botnets based on IoT devices.
• Politically motivated cyber attacks.

The expert noted the emergence of new sources and directions of attacks on telecommunications infrastructure. Attackers use modern technology to increase impact. Attacks from 5G routers have appeared, which are becoming a new platform for conducting DDoS attacks. The high speed of 5G networks allows you to generate more malicious traffic.^[1]

Novosibirsk Internet provider Sibseti reported a hacker attack and stopped work

On November 2, 2024, the Novosibirsk Internet provider Sibseti announced a massive DDoS attack on its infrastructure. The company had to suspend work, since the servers are not able to cope with the load that fell on them. Read more here.

The largest Internet provider in Novosibirsk has undergone the largest DDoS attack. Subscribers left without communication

On October 7, 2024, the largest Internet provider in Novosibirsk, Electronic City, announced the largest DDoS attack (denial of service) on its infrastructure. Subscribers of the company were left without communication. In addition, the work of a number of services was disrupted, including a personal account, the main site, as well as the Ivi online cinema. Read more here.

Petersburg telecom operator PACT is experiencing a powerful DDoS attack for the second day. Services are not working

On June 16, 2024, the St. Petersburg telecom operator PACT announced a massive DDoS attack on its IT infrastructure, which continues for the second day. Cybercriminals disrupted the functioning of systems, some services do not work. Read more here.

MTS was subjected to the most powerful DDoS attack in a year. It was conducted from 5 countries with 20 thousand devices

On June 13, 2024, MTS announced the most powerful DDoS attack this year, which was carried out simultaneously from five countries. The attack lasted two hours, but thanks to the well-coordinated work of the MTS RED protection system, hackers failed to hack into the operator's network. Read more here.

A massive DDoS attack is underway on the Siberian Bear telecom company. Services are disabled, there is no Internet in Kuzbass

On May 26, 2024, several Russian telecom operators were subjected to a massive DDoS attack. In particular, the Siberian Bear company from Novosibirsk, as well as RialCom from the Moscow region, were seriously affected. Read more here.

2020: "Rostelecom-Solar" noted a sharp increase in DDoS attacks on educational institutions and telecom companies

Hackers began to be used much more often DDoS-attacks in relation to telecom-companies, educational institutions and. state structures This follows from the report prepared on the basis of the observed data and attacks neutralized on the network "" in Rostelecom 2019 and early 2020. This was announced on April 30, 2020 by "."Rostelecom-Solar

A little more than a year ago, the telecom industry accounted for only 10% of all DDoS attacks, but now this figure has grown to 31%. Most often, hackers are targeted by small regional Internetproviders ones hostings -, and, data centers which usually do not have the resources necessary to repel powerful attacks.

The share of government organizations and educational institutions in the total volume of DDoS attacks was previously 2% and 1%, respectively, but over the year increased to 5% for each of the segments. This is due to the digitalization and launch of its own Internet resources, on which the activities of such organizations increasingly depend, especially during the period of self-isolation.

The largest increase (by 153%) in the number of attacks was shown by educational resources, including electronic diaries, sites with verification work, etc. Rostelecom-Solar experts do not exclude that the initiators of such attacks may be the students themselves, which once again demonstrates how affordable the DDoS organization has become with relatively weak security of some sites.

Despite the sharp increase in DDoS in certain segments, the gaming industry is still the leader in this indicator. For 2019 and the beginning of 2020, 34% of attacks were directed to game servers (against 64% in 2018).

In general, during the reporting period, the number of DDoS attacks on Russian companies increased by 63%. At the same time, the attackers changed their tactics: they no longer "exhaust" the victim with long low-power attacks, preferring short sprints with a large amount of parasitic traffic. The most powerful DDoS attack of 2019 was 405 Gbps, which is less than the record in recent years - 450 Gbps. Despite the fact that the record has not yet been "broken," on average, DDoS capacity has increased over the year.

The increase in attack power is associated with significant technological progress that attackers demonstrate. In particular, they began to actively use IoT devices that allow you to create large botnets and intensify attacks. In 2019, a record-breaking IoT attack on Rostelecom's networks was recorded - 178 Mpps. It was aimed at a betting company and implemented using a botnet of 8,000 real devices.

As Rostelecom-Solar experts explain, when hackers hit the victim with a fast and powerful wave of requests, not all anti-DDoS services manage to determine the IP addresses of the devices involved. Then 'undisclosed' addresses can be used in the following attacks.

{{quote "Based on current trends, we predict a further increase in the number of DDoS attacks this year. Attackers will actively use existing methods and their combinations, continuing to look for new technologies. At the same time, against the background of the deployment of 5G networks and IPv6 protocols, the use of IoT devices will expand to organize more powerful attacks. With such an increase in the aggressiveness of the Internet environment, it is better for companies on the global network to realize as soon as possible that the integration of information security processes, including DDoS counteraction, into regular business processes of the organization is vital for further effective development, "said Ivan Miroshnichenko, head of the Rostelecom-Solar web application protection services development group. }}

Notes