The creator of the AntiZapret block bypass service, an information security specialist known under the pseudonym ValdikSS, identified an attack on one of the largest Russian Jabber messenger servers. He reported this on his blog.
As ValdikSS writes, the attack occurred on the networks of German providers Hetzner and Linode, where the jabber.ru server is located, and was organized by redirecting encrypted traffic to a spoofed transit node and replacing the encryption certificates.
The first spoofed certificates were issued on April 18, but confirmed cases of the attack were recorded from July 21 to October 19. The attack stopped after these certificates expired. Then the administrators of jabber.ru began proceedings with Hetzner and Linode.
According to ValdikSS, the substitution was probably carried out with the knowledge of the providers and at the request of German law enforcement agencies. The initiators of the attack could gain access to the data of jabber.ru users and all their correspondence since at least July 21, and also had the ability to send messages on their behalf.