From Ukraine: Cyberattack hits Russian state media and judicial websites

Russian state media and organizations have suffered a major IT system failure since Monday, which may have been caused by a cyberattack. This was reported by the Reuters agency and Russian Gazeta, among others. The exact extent of the outage is unclear, but some systems are still unavailable at the moment. State television broadcasting is currently unaffected, and internal clean-up and investigation work is apparently beginning.

The Russian WGTRK (Всероссийская государственная телевизионная и радиовещательная компания, about: All-Russian State Television and Radio Company) is a state media holding company that owns, among other things, the television stations Rossiya 1, 2, the sanctioned foreign broadcaster Rossiya RTR and several radio stations. It came under digital fire on the night of October 7th: As several media outlets unanimously reported, websites and streams of the WGTRK-owned media went down. The virtual doors also closed at the Ministry of Justice, and several of the ministry's domains are still offline.

A source close to the media holding company told the Russian news portal Gazeta that all data, including backups, had been deleted from the organization's servers, meaning it would take a long time to restore them. Reuters journalists also reported that the stream of the Rossiya-24 channel was unavailable. Internal services such as WGTRK's internet and telephone connections were also affected.

However, a WGTRK spokesperson denied this to the Russian state news agency TASS: No significant damage had been suffered and everything was working as usual. The interrupted live stream was restored on Tuesday morning, as was the Russian-language WGTRK website. However, the English version of the media holding company's website is still offline – a check by heise online and network experts revealed that it cannot be accessed from Russia either.

Russia and Ukraine assume an attack

The Russian media claim that the outage was caused by a hacker attack from Ukraine. Kremlin spokesperson Dmitry Peskov told Reuters that they had been subjected to an "unprecedented attack on the digital infrastructure of the state media company". "Specialists are working to find out all the circumstances" and are following up leads about the perpetrators, Peskov added.

A source from Ukrainian government circles informed the news agency that hackers from Ukraine had caused the outage and that it was a gift for Vladimir Putin's 72nd birthday. A group called "sudo rm -RF" was responsible. Their name is an allusion to the recursive delete command on Linux systems, the options "-rf" (for "recursive delete without prompting") can also be read as "Russian Federation" in capital letters.

Both information from Russian state sources and the anonymous quotes from Ukraine cannot be independently verified. However, this is not the first cyberattack for the WGTRK: activists from the "DDosSecrets" collective had already captured and published the company's data in 2022.

Russian activists vow revenge

The group NoName057(16), a Russian collective that works primarily with dDoS attacks (distributed denial of service), announced "initial retaliatory strikes against Ukraine" on its Telegram channel and already flooded various government websites and companies of the state attacked by Russia in violation of international law with packets on Monday afternoon.

(cku)