Cyber Incident Victim: Вымпелком

Date: Mar 2025

Location: Russia

Summary

Beeline experienced a distributed denial-of-service attack that disrupted mobile app access, website functionality, notifications and internet connectivity for many of its over 44 million subscribers. The provider said its specialists identified the issue and took steps to stabilize service after users in Moscow and surrounding regions filed mass complaints, echoing a prior similar incident that had knocked down its website and mobile application while affecting home and mobile internet. The attack follows a pattern of large-scale, multi-vector DDoS campaigns against Russian telecoms: a security source noted traffic volume comparable to a recent MegaFon incident but originating from fewer IP addresses, resulting in a higher load per address. It occurs amid broader cyber activity in the sector, including contractor breaches, claimed infrastructure destruction, and reports that over a third of Russia’s DDoS targets last year were telecom firms, most linked to politically motivated actors.

Description

In February 2025, Beeline experienced a distributed denial-of-service attack that disrupted its website, mobile application, and home and mobile internet services for its more than 44 million subscribers. On Monday, March 3, 2025, a second targeted DDoS attack caused outages reported by users, with Downdetector showing difficulties accessing the mobile app, website outages, notification failures and internet disruptions for most Beeline users in Russia. Roskomnadzor recorded mass complaints from subscribers in Moscow and surrounding regions regarding connectivity issues following the March incident. Beeline confirmed the attack to local media and said its specialists had identified the issue and taken measures to stabilize services, without disclosing further scope or impact details.

The March attack followed a similar large-scale DDoS incident against MegaFon in January 2025, which was also described as multi-vector and large-scale. A cybersecurity source cited by Forbes Russia noted that the volume of malicious traffic was identical for both attacks, but MegaFon faced the traffic from 3,300 IP addresses while Beeline was targeted via 1,600 IP addresses, resulting in a higher load per IP address. In January 2025, Rostelecom announced it was investigating a suspected cyberattack on one of its contractors after the hacker group Silent Crow claimed to have leaked thousands of customer emails and phone numbers. Around the same time, the Ukrainian Cyber Alliance claimed responsibility for an attack on Russian internet provider Nodex, asserting it had destroyed the company’s infrastructure overnight, a claim later confirmed by Nodex. In November 2024, the telecommunications integrator Rapporto reported a cyberattack on its infrastructure. In 2023, Veon-owned Kyivstar suffered one of the largest Russia-linked cyberattacks, disrupting services for several days, with Veon estimating the cost at nearly $100 million. Russian cyber experts have reported that over 30% of all DDoS attacks in Russia last year targeted telecommunications companies, with at least 90% of those attributed to politically motivated threat actors.

Beeline was previously owned by the Netherlands-based Veon, which also owned Ukraine's Kyivstar before divesting its Russian assets following the invasion of Ukraine. The company sold its Russian operations, including Beeline, as part of its exit strategy. These events place the March 2025 Beeline outage within a pattern of repeated DDoS and cyber incidents affecting Russian telecommunications providers.
