Ukraine Says Russian Troops Paid for Fake Starlink, Doxxed Themselves

A Ukrainian cyberwarfare division said on Thursday that it created a fake Starlink registration service to trick Russian soldiers into giving up sensitive data.

The 256th Cyber Assault Division said it partnered with open-source intelligence groups to promote a network of Telegram channels and bots that offered to help the Kremlin’s troops register Starlink terminals on a Ukrainian whitelist.

But the channels were a ruse, and had instead been run by Ukrainian forces, who were sent location and terminal data from the soldiers, the 256th said.

Its statement is yet another example of how wartime operations have spilled into social media, and comes after repeated reports that Russian forces have been trying to circumvent a region-wide Starlink block by paying Ukrainian civilians to register terminals for them.

SpaceX cut off connectivity in Ukraine earlier this month, allowing only terminals logged with the Ukrainian government to continue receiving service. The sweeping move was enacted after repeated reports that Russian forces were buying terminals on the black market to guide attack drones and run battlefield communications.

Russia downplayed the impact of the geofenced block on its operations, but Kyiv officials say that attempts by the Kremlin’s troops to register terminals indicate their need for the American-run service.

In its statement, the 256th said it leveraged those needs to connect with the Russian soldiers.

“Understanding how desperately this mold would look for ways to restore Elon Musk’s dish network — and the threats this poses — we, together with InformNapalm and MILITANT, decided to ‘help’ them,” the division wrote, citing the two groups it worked with.

According to screenshots posted by the division, which appear to show interactions with Russian troops, the Telegram bots would ask the soldiers for information about their Starlink terminals.

The soldiers then appear to share details such as their terminal ID numbers, satellite dish numbers, Starlink account numbers, and their location coordinates in latitude and longitude.

Business Insider could not independently verify the authenticity of these screenshots.

The 256th said it collected 2,420 data entries on Russian Starlink terminals and their “precise” locations, as well as $5,870 from Moscow’s troops paying for the faux service.

The division added that 31 Ukrainians had approached its network asking for opportunities to help Russians register terminals.

InformNapalm, a Ukrainian-European OSINT group, said in a statement that it played a “supporting role” in the operation by pretending to complain about Telegram channels that were supposedly aiding Russians with Starlink registration.

On Monday, the group had posted about a channel named “russian_starlink,” which it wrote was surging in popularity but had still not been blocked by Ukrainian authorities.

“That was already one of the stages of drawing Russian military personnel even deeper into the ‘honeypot,'” the group wrote of the Monday post.

MILITANT, a Ukrainian OSINT group that shared InformNapalm’s Monday post, called the initiative “Operation Self-Liquidation.”

“As for the coordinates they sent, packages were sent back. 155s,” the group wrote, referencing 155mm artillery shells.

The 256th said it sent the Russian data entries to Serhii Sternenko, an advisor on drone logistics and technology for Ukraine’s defense ministry. A spokesperson for Sternenko’s foundation did not immediately respond to a request for comment outside regular business hours.

In a separate statement on X, InformNapalm said that the deception’s “intended effect has been achieved,” indicating that the operation has concluded.