If your network logs show any communication with the Ukranian ISP Skynet (Khersontelecom) over the last few days, you should be worried. We recently posted about how our technology's use of broad and multi-faceted threat intelligence means we are uniquely able to track changes of control over network assets such as Putin taking control of a Ukrainian telecom company.  And Skynet is one of them.

Earlier this week, NetBlocks discovered Skynet traffic being routed through two Russian ISPs - Miranda and Rostelcom, following Russia's occupation of the region. Within 24 hours, a ThreatSTOP team member received the intel and added the IP address spaces to our "Russian-Controlled Entities" target,  immediately providing full protection for our customers from attacks originating in the area.

twitter_netblocksImage: Twitter

Rumor has it that Russia is rerouting this traffic to spy on it using their System for Operative Investigative Activities. If so, that's just the beginning. After taking over vast areas of Ukraine, Russia can utilize Ukrainian internet infrastructure as it's own "cyber base" in the middle of the war zone. While many businesses block traffic from Russia to protect themselves from cyber attacks, their networks are allowed to communicate freely with Ukraine. This poses not one, but two huge problems for any organization that isn't dynamically blocking the entities Russia is seizing:

1. Russia can generate new, successful attacks from any Ukranian ISP they conquer. We believe they are already doing just that with IP addresses in the invaded Crimea and Donetsk and Luhansk.

2. If your business makes any transactions using the US financial system, you are obligated to comply with government sanctions. That means full compliance with OFAC sanctions for all US businesses and those doing business with them. Communicating with Russia in any way, even if through Ukraine, is a breach of those sanctions.

traceroute_skynet_rerouteImage: Twitter (with added illustrations)

At ThreatSTOP, we know classic geo-blocking just isn't enough anymore. That's why we offer a one-of-its-kind dynamic, comprehensive protection bundle from the constantly changing (and growing) Russian-controlled cyber infrastructure. Every time Russia adds a new entity to its arsenal - we block it.


As events continue to evolve, ThreatSTOP will monitor the situation and modify protections to keep customers secure and capable of meeting compliance requirements.

If you're not a ThreatSTOP customer and want to see how ThreatSTOP can instantly eliminate attacks from your network, schedule a demo today:

Get a Demo

Want to see ThreatSTOP in action in your network right now? Here's a link to start a free trial:

Start Free Trial