3 May 2022

Russia redirects internet traffic in occupied Kherson to its infrastructure


Russia redirects internet traffic in occupied Kherson to its infrastructure

Russia has reportedly rerouted internet traffic in the occupied Ukrainian region of Kherson through Russia's Rostelecom communications infrastructure, according to the internet service disruption monitor NetBlocks.

“Confirmed: Metrics indicate that internet connectivity on provider Skynet (Khersontelecom) in Russian-occupied Kherson, south Ukraine, has been partially restored and rerouted via Russia's Rostelecom instead of Ukrainian infrastructure,” NetBlocks said in a tweet.

The London-based NetBlocks said on Saturday it registered a near-total internet blackout across Kherson region that affected various Ukraininan providers, including Ukrtelecom, Kyivstar, and Volia. Although connection was restored after several hours, various metrics indicate that internet traffic is now being redirected through Russia.

Mobile operator Vodafone said that the incident was “unfortunately not an accident” and at least one anonymous Russian source claimed that Russia was now seeking to deploy its own replacement network.

“On 1 May, hours after the internet blackout in Kherson, regional provider Skynet (Khersontelecom) partially restored access. However, connectivity on the network has been routed via Russia’s internet instead of Ukrainian telecoms infrastructure and is hence likely now subject to Russian internet regulations, surveillance, and censorship,” NetBlocks said on its website.

The State Service of Special Communications and Information Protection of Ukraine (SSSCIP) said that the internet disruption in Kherson region and in part of Zaporizhzhia region was caused by line breakages at fiber optic backbones and by a power outage with service operators’ equipment in these regions.

“The troubles, having occurred at the same time with all mobile service operators and terrestrial Internet service providers, are no other than another enemy attempt to leave Ukrainians without access to the true information on developments in the war waged by russia against Ukraine; and to make their false propaganda an uncontested source of information, just like it is done in russia,” SSSCIP said.

“Disabling Ukrainian communications, just like introducing the aggressor country’s currency and forcing to pay taxes to occupant’s formations, are intended to make at least an appearance of a new quasi-state for Russian domestic consumption. Against this background, they are planning to feed the fake results of a possible fake referendum to the Russian populace.

Ukraine will never leave its citizens alone. Just like our defenders have driven the enemy troops out of Kyiv, Sumy and Chernihiv regions, they will do the same in the rest of our land. All the territories under occupation within the internationally recognized borders of Ukraine will be liberated.

Now we beg all Ukrainians staying under occupation to move out to other regions as soon as an opportunity arises. Please be careful and do not put yourselves in danger,” the agency added.

Kherson was the first big city that Russia has taken control of since the first days of war. Now, Moscow is trying to tighten its grip on the region by forcing it to use the Russian rubles for payments.

According to Kirill Stremousov, the Russia-appointed deputy head of what invaders call the “civil-military regional administration” of Kherson, a four-month window when Ukraine's hryvnia and ruble were both in circulation would start on May 1.

Cybersecurity Help statement on the critical situation in Ukraine

On February 24, people in many cities and towns across Ukraine woke up to the sounds of explosions and artillery fire, as the Russian Federation launched a full-scale invasion of the country. Such actions are unacceptable, political ambitions of any man aren’t worth of blood, tears, and destruction of millions of lives. We give our full support to the Ukrainian people in these hard times. No more war! Слава Україні!



Back to the list

Latest Posts

Interpol arrests suspected leader of Nigerian cybercrime gang involved in BEC attacks

Interpol arrests suspected leader of Nigerian cybercrime gang involved in BEC attacks

The suspect registered 240 domains, 50 of which were used as command-and-control domains for the ISRStealer, Pony, and LokiBot malware.
26 May 2022
US automaker General Motors hit with credential stuffing attack

US automaker General Motors hit with credential stuffing attack

Social Security numbers and driver’s license details weren’t compromised, the company said.
25 May 2022
Popular Python and PHP libraries altered to steal AWS keys

Popular Python and PHP libraries altered to steal AWS keys

In both cases the attacker appears to have taken over packages that have not been updated in a while.
25 May 2022