The traffic was routed through Rostelecom, which is owned by the Russian state. In industry parlance, it was a Border Gateway Protocol (BGP) hijack, and the hijackers can store the traffic for analysis, even at a later date as decryption technology improves. (In a BGP hijack, attackers falsely claim ownership of IP addresses and redirect internet traffic, as though one had rearranged the exit signs on a highway.) Some independent experts say the hijack could be unintentional, though Rostelecom was cited in 2017 for a BGP hijack of Visa and Mastercard routes.
This story first appeared in Inside Compliance.