- Category
- Latest news
Ukraine’s Cyber Division Infiltrates Russian Military Satellite Comms “Gonets” in Multi-Year Breach
- Authors
![Photo of Cyril Barabaltchouk]( "Photo of Cyril Barabaltchouk")
-72b63a4e0c8c475ad81fe3eed3f63729.jpeg "Photo of Cyril Barabaltchouk")
Ukrainian cyber specialists have breached “Gonets,” a Russian low-orbit satellite communications system marketed as Moscow’s answer to Starlink, InformNapalm reported on April 21.
Specialists have secured highly classified internal documents over a multi-year intelligence operation. The joint CYBINT (Cyber Intelligence) operation was conducted by the 256th Cyber Assault Division, the “Ukrainian Militant” analytical group, and the InformNapalm intelligence community.
We bring you stories from the ground. Your support keeps our team in the field.
Between 2023 and 2025, the hackers intercepted private communications and internal documentation, systematically feeding the intelligence to the Ukrainian Defense Forces. The public release of this data was deliberately delayed until now to ensure the operational security of related missions.
Russian forces faced communication breakdowns after Ukraine and SpaceX disabled their unauthorized Starlink terminals via a strict “whitelist” system. The sudden loss of fast, secure internet crippled Russian frontline coordination and drone operations, leaving units vulnerable to Ukrainian counterattacks. Forced to rely on bulky geostationary satellite dishes and visible Wi-Fi relay towers, Russian troops have become easier targets for drone strikes as they scramble to rebuild their networks.
Integrated into Russia’s military-industrial complex and the “Roscosmos” state corporation, Gonets is designed to provide communication outside standard coverage zones and support military data transmission. Despite Russian state claims, the network severely lags behind American systems like Starlink. InformNapalm notes that its development has been heavily hampered by international sanctions and relentless Ukrainian cyber operations.
The breach exposed critical security failures originating at the top of the Russian enterprise. Hackers compromised the data of Deputy General Director Alexey Labzin, who oversaw the company’s entire IT network, and Vladimir Katayev, the chief specialist for cryptographic protection. Notably, Katayev built his career in Russia’s secretive 12th Chief Directorate, the military branch responsible for nuclear security and the protection of state secrets.
Internal documents revealed that the central IT hub is plagued by systemic vulnerabilities. Sanctions have forced the facility to rely on severely outdated software to manage its operations.
The compromised network infrastructure included:
Outdated Operating Systems: Servers running legacy software, including Windows Server 2016, Windows Server 2012 R2, Ubuntu, and CentOS.
Critical Network Nodes: Full mapping of the internal 192.168.20.* subnet, exposing domain controllers, Exchange mail servers, security center monitors, and the Parsec access control system.
Defense Contracts: Software systems that were explicitly modified to process and report on state defense orders for the Russian Ministry of Defense.
InformNapalm noted that this partial public release is intended to prove the depth of the compromise while maintaining a strategic “fog of war” regarding how much access Ukrainian forces still retain.
As Russia looks to replace Starlink on the battlefield, Moscow is developing multiple domestic satellite networks. While the compromised Gonets system relies on outdated IT infrastructure, Russian forces are actively testing newer alternatives like the “Rassvet” program.
Analysts recently tracked Rassvet prototypes passing over Ukraine, providing brief 15-to-20-minute communication windows for military operations. Russia plans to mass-produce terminals for this new low-orbit system and integrate them into reconnaissance and strike drones.
Discuss this article:
-457ad7ae19a951ebdca94e9b6bf6309d.png)
