Moscow Offline: DDoS Attack on Russia’s ASVT Knocks Thousands Off the Net

When a flood of junk traffic swamps a network, it can turn modern life off like a light switch. That’s essentially what happened to Russian internet operator ASVT at the end of May 2025, when a large distributed denial-of-service (DDoS) campaign overwhelmed its infrastructure and left tens of thousands of customers in Moscow and surrounding areas without service for several days. Russian regulators confirmed the incident on May 28, noting the attack’s significant scale and immediate impact on users.

The event was described in the industry as the most severe of the year. News outlets tracking the outage reported that the disruption began on Tuesday, May 27/28 and persisted across four days, affecting not only household connectivity but also the provider’s mobile app, website, and customer account systems. In dense residential complexes that depend on always-on links for work, payments, and smart-building systems, the effects were felt quickly and widely.

Russia’s internet watchdog said backbone operators joined mitigation efforts, rerouting and filtering hostile traffic through national defenses designed to absorb volumetric floods. Interfax later reported that those backbone providers specifically assisted in repelling the deluge, a move that aligns with standard “upstream” DDoS response playbooks when targeted companies need extra capacity and scrubbing.

How big was it? Monitoring data cited by local media indicate a peak traffic rate of roughly 70 Gbit/s, not among the largest globally, but more than enough to cripple an ISP serving concentrated clusters of subscribers. That level of traffic can saturate edge links, overwhelm firewalls, and trigger cascading failures across customer-facing portals, exactly the symptoms reported during the outage window.

Attribution in DDoS cases is notoriously murky. Several cybersecurity briefings and roundups referenced claims or indications pointing toward Ukraine-aligned hacktivists (often labeled the “IT Army of Ukraine”). This group has previously coordinated takedowns of Russian digital assets during the ongoing war. However, public, verifiable proof remains limited, and responsible reporting treats such links as tentative unless confirmed by technical forensics or formal statements.

Why it matters goes beyond a single provider. First, the incident serves as a clear reminder that DDoS has evolved from a nuisance to a critical-infrastructure risk. In multi-dwelling buildings around Moscow, temporary loss of broadband reportedly affected remote work and apps, and, more worryingly, some internet-dependent building systems such as intercoms and access controls. Urban networks now knit together payments, security, and public services; when they’re knocked offline, the ripple effects move quickly from inconvenience to safety and economic concerns.
Cableman

Second, it underscores a pattern: Russian telecoms have faced repeated, sometimes intense DDoS waves since 2022, as geopolitics spills into cyberspace. Sector trackers list multiple providers struck in 2025 alone, reflecting an elevated baseline of hostile activity. ISPs worldwide should read this as a warning to stress-test their DDoS posture, not just at the perimeter but across customer portals, DNS, and authentication layers that adversaries increasingly probe during peak traffic floods.

What helps in practice? The response highlighted several durable defenses: upstream traffic scrubbing via backbone partners; anycasted, overprovisioned capacity to absorb bursts; rate-limiting and anomaly detection tuned to application behavior, not only bandwidth; and runbooks that prioritize customer-visible services (billing portals, apps, status pages) so users aren’t left in the dark.

Post-incident communication also matters—regular, timestamped updates help reduce support load and rebuild trust after service resumes. Coverage from international and Russian outlets indicates that official notices and media briefings played a role in explaining the outage and the steps taken to contain it.

The attack will likely be cited in future incident playbooks as a case study in how “mid-sized” volumetric storms can still cause outsized harm in dense urban environments. It’s also a timely nudge for operators, far beyond Russia, to revisit capacity plans, re-validate scrubbing contracts, and rehearse failovers before the next storm hits.