Cyberattack on Russian Tech Firm Astral Disrupts Business and Government Services for a Week
A cyberattack on Russian software company Kaluga Astral disrupted tax reporting, cash registers, and digital certificate services for a week, affecting businesses and government agencies.
Russian software company Kaluga Astral disclosed on Monday that a cyberattack earlier this month disrupted its services for approximately one week, impacting customers reliant on its platforms for tax reporting, electronic document management, and other critical business operations. The company stated that it is restoring each service only after completing a full security review, prioritizing security over speed of recovery. Russian government agencies are involved in the investigation, limiting Astral's ability to publicly disclose details about the attack.
The incident affected a wide range of services used by Astral's clients, including cash register operations, customer portals, corporate email, HR document management systems, and authentication via digital certificates. These disruptions led to difficulties in selling regulated goods and accessing essential business tools. Astral's internal investigation found no evidence of customer data leakage or compromise, and the company has not attributed the attack to any specific threat actor or disclosed a possible motive.
Kaluga Astral, founded in 1993, develops electronic document management software, digital reporting systems for government agencies, and cybersecurity products. The company serves government institutions, banks, and large state-owned enterprises, including Russian Post and Moscow public transport operator Mosgortrans. The breadth of its client base underscores the cascading risks of supply-chain compromises in critical service providers.
This is not the first cyberattack targeting Astral. In 2022, the company suffered a distributed denial-of-service (DDoS) attack that disrupted services and interfered with customers' reporting processes. The threat actor behind that attack remains unknown. In 2023, the IT Army of Ukraine, a volunteer hacktivist collective, listed Astral among its intended targets, though there is no evidence linking the group to the latest incident.
The attack highlights the vulnerability of critical infrastructure and service providers in Russia, especially amid the ongoing conflict with Ukraine. While no group has claimed responsibility, the incident adds to a series of cyber operations targeting Russian entities. The prolonged recovery period and involvement of government agencies suggest the attack may have been sophisticated, though technical details remain scarce.
As Astral continues to restore services, affected businesses and government agencies face operational challenges. The incident serves as a reminder of the importance of robust cybersecurity measures and contingency planning for organizations that depend on third-party service providers. The lack of attribution leaves open questions about the attacker's identity and objectives, but the impact on Russia's digital infrastructure is clear.