Cyber Incident Victim: ASVT
Date:
May 2025
Location:
Russia
Summary
ASVT suffered a prolonged DDoS attack that knocked out internet for tens of thousands of users in Moscow and surrounding areas, disrupting its mobile app, website, customer accounts, remote work, card‑terminal payments and building intercom systems. The provider said it is cooperating with Russian state agencies, including Roskomnadzor, and attributed the assault to the Ukrainian IT Army, although the group has not claimed responsibility. The outage echoes a previous disruption of another Moscow‑area ISP that affected over 200 000 residents and was later claimed by the same hacker collective. ASVT also supplies government bodies and large enterprises, though it is unclear whether those customers were impacted. Russian telecom firms have become frequent targets of pro‑Ukrainian hackers, with a substantial share of recent DDoS activity directed at the sector and other incidents involving infrastructure destruction and data theft reported against other Russian operators.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On Tuesday, a distributed denial of service attack was first detected against the Russian internet provider ASVT, according to the company’s statement. The attack persisted through Friday, disrupting ASVT’s mobile application, website, and customer account systems. ASVT primarily serves large residential complexes in Moscow and surrounding areas, and residents reported losing internet access for several days. The outage prevented residents from working remotely, using card terminals to pay at local shops, and accessing their buildings because internet‑based intercom systems were disabled. The disruption affected tens of thousands of people in Moscow and nearby areas, as described by the provider as one of the most severe incidents of the year.
ASVT stated that it was collaborating with Russian state agencies, including the communications regulator Roskomnadzor, to restore services. In a Thursday statement, the company attributed the attack to the Ukrainian “IT Army,” a pro‑Kyiv hacker collective known for targeting Russian infrastructure, although the group had not publicly claimed responsibility for this incident. The event echoed a March disruption in which another provider, Lovit, suffered a cyberattack that cut off service to over 200,000 residents in Moscow and St. Petersburg, an attack later claimed by the IT Army of Ukraine. Following the Lovit outage, residents accused the company of blocking competitors and charging inflated prices, prompting Russia’s Federal Antimonopoly Service to launch a probe into Lovit’s business practices and to begin examining ASVT’s operations. Both providers have faced scrutiny for alleged monopolistic practices in addition to cybersecurity vulnerabilities.
ASVT also provides services to government institutions and major enterprises in the Moscow area, though it remains unclear whether those customers were affected by the DDoS attack. Russian cybersecurity analysts have noted that over 30 percent of all DDoS attacks in Russia last year targeted telecom companies, with the vast majority believed to be politically motivated. In January, the Ukrainian Cyber Alliance claimed to have destroyed infrastructure belonging to Russian provider Nodex, a breach later confirmed by Nodex. Around the same time, the hacking group Silent Crow claimed to have stolen and leaked customer data from a contractor linked to Rostelecom, Russia’s largest telecom provider.