Russia's internet regulator Roskomnadzor (RKN) has reportedly escalated its war on VPNs from passive blocking to active DDoS attacks, with Amnezia VPN and BlancVPN among the first documented victims. The attacks began in late May 2026 and mark an unprecedented shift in how Russian authorities approach VPN suppression.
From Blocking to Active DDoS Attacks on VPNs
For years, Roskomnadzor's primary tool against VPN services was deep packet inspection (DPI) and IP-address blocking. That changed in late May 2026, when Amnezia VPN - one of Russia's most widely used privacy tools - began reporting severe availability issues. By June 1, the developers confirmed what many had feared: the disruptions were not the result of ordinary blocking, but of direct DDoS attacks targeting their infrastructure.
"For the first time, we can state as fact that Roskomnadzor has begun not only blocking VPN servers but actively attacking our infrastructure," Amnezia's developers wrote in an official statement. The attacks rendered Amnezia's Free and Premium servers nearly unreachable, preventing users from switching between servers or establishing stable connections. The recovery, initially estimated to take a few hours, stretched on for days as developers worked around the clock to restore service.
BlancVPN and Other VPN Services Also Hit
Amnezia was not alone. BlancVPN - another Russia-focused privacy service known for bypassing RKN's DPI filters - also experienced major disruptions during the same period. A BlancVPN representative noted that service had been partially restored by June 4, but also observed a clear trend: "There have been more blockings in 2026 than in 2025, and more in 2025 than in 2024, and there is no reason to expect that trend to change."
Multiple other VPN services were also reported to have experienced problems, though most have not publicly confirmed whether their disruptions were caused by DDoS attacks or conventional IP-blocking. Simultaneously, the scale of complaints about MTProto - Telegram's custom cryptographic protocol designed to bypass censorship - reached unprecedented levels across the country. Users reported that their proxy connections were constantly dropping or timing out. Experts suggest this was not a coincidence, but rather a coordinated operation targeting the underlying infrastructure of the most popular anonymization tools in Runet.
The Legal Framework Behind Roskomnadzor's Escalation
The DDoS offensive against VPN infrastructure did not happen in a legal vacuum. In October 2025, Russia adopted Government Decree No. 1667, which dramatically expanded Roskomnadzor's enforcement powers and cybersecurity oversight over the public communications network. Under this regulation, the agency cemented its centralized management capabilities, allowing it to block virtually any service using TSPU (technical means of countering threats) DPI technology installed across all operators' network nodes.
More alarmingly, this framework appears to have emboldened the regulator to move beyond mere filtering. Regulators now apparently have the green light to actively disrupt services via sustained traffic floods rather than simply preventing domestic access to them. When asked for a response, Roskomnadzor did not comment on Amnezia's statement. This silence follows a consistent pattern: Russian authorities rarely acknowledge specific technical censorship actions, preferring to let the network disruptions speak for themselves.
What This Means for VPN Infrastructure in Russia
The shift from passive blocking to an active DDoS-attacking strategy has serious implications. A blocked server IP can be replaced relatively quickly by dynamically generating a new one. However, a service whose core infrastructure is under constant, large-scale DDoS attack cannot easily recover or authenticate its users. Individuals who relied on obfuscated VPN protocols to bypass RKN's filters now face a more aggressive adversary willing to severely degrade, not just deny, overall network access.
Experts note that this escalation is consistent with a broader trend toward tighter internet control in Russia. The number of blocked services and protocols has increased each year since 2022, and the massive state budget allocated to TSPU systems allows for large-scale offensive campaigns. The DDoS tactic is particularly effective because no matter how cleverly a VPN disguises its traffic, the servers themselves can simply be overwhelmed with junk requests.
With millions of Russian users relying on VPNs to access blocked platforms, international news, and secure communications, the stakes of these infrastructure attacks extend well beyond individual services. It represents an active cyber-offensive against digital privacy tools.
