A cyberattack disrupted operations at Delta, a Russian provider of alarm and security systems for homes, businesses, and vehicles, causing widespread outages and customer complaints. Delta described the incident as a “large-scale” and “well-organized” external attack, with company leadership claiming it originated from an unspecified hostile foreign state; Delta also said it had no evidence at the time that customers’ personal data had been compromised. As services went down, Delta’s website and phone lines remained offline into the following day, forcing the company to communicate with customers via VKontakte while it worked to restore systems from backups amid concerns about follow-on attacks.
The outage had immediate real-world impact, particularly for users of Delta’s vehicle security features: reports described customers being unable to unlock cars, disable alarms, or use remote start, with some accounts alleging doors locking unexpectedly and even engines shutting down while in motion. Separate reporting noted Delta’s app (launched in 2020) supports tracking vehicle location and stores payment data, increasing customer concern about potential exposure if Delta’s internal systems were breached; however, no threat actor has claimed responsibility and it remains unclear whether the disruption was caused by DDoS or a more destructive intrusion such as ransomware or a wiper.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
5 events from the most recent confirmed update back to the earliest known activity.
On the same day, a separate large-scale outage affected Russian airline and airport booking and check-in systems tied to Sirena-Travel. Authorities said this incident was caused by an internal technical failure rather than a cyberattack.
By 2026-01-27, Delta's website and phone lines were still unavailable, forcing the company to communicate with customers through social platforms. Reports said the outage continued to affect vehicle and building alarm functions across Russia.
After the attack, an unidentified Telegram channel claiming to be behind the intrusion published an alleged archive of stolen Delta data. The authenticity of the archive was not independently verified, and reporting noted uncertainty over whether any customer data was actually exposed.
Following the disruption, Delta said the attack was a coordinated intrusion originating from a hostile foreign state or foreign actor. The company said it was restoring systems from backups while trying to prevent follow-on attacks, and stated it had no evidence that customer personal data had been compromised.
On 2026-01-26, Russian security systems provider Delta was hit by what it described as a large-scale external cyberattack. The incident disrupted smart alarm services for homes, businesses, and vehicles, with customers reporting inability to unlock cars, disable alarms, start engines, and other service failures.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
4 references tracked. Mallory keeps watching after this page renders.
fortra.com
Open sourcescworld.com
Open sourcenews.risky.biz
Open sourcetherecord.media
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.