Pro-Ukrainian Hackers Target Russian State TV on Putin’s Birthday
In a bold move, Ukraine has claimed responsibility for a cyberattack on the Russian state media company VGTRK, disrupting its operations on the night of October 7. Reports from Bloomberg and Reuters indicate that VGTRK described the incident as an “unprecedented hacker attack,” although the company claimed there was “no significant damage,” and that its broadcasts continued as normal despite the disruption.
However, a report from the Russian outlet Gazeta.ru, citing an anonymous source, suggested otherwise, stating that hackers had wiped “everything” from the company’s servers, including backups.
According to a source who spoke with Reuters, “Ukrainian hackers ‘congratulated’ Putin on his birthday by launching a large-scale attack on the all-Russian state television and radio broadcasting company.”
Cybersecurity Implications
The attack is attributed to a pro-Ukrainian hacker group known as Sudo rm-RF. The Russian government has announced that it is conducting an investigation into the incident, claiming it aligns with a broader “anti-Russian agenda” from the West.
This event is part of a wider trend of cyberattacks affecting both Russia and Ukraine, especially in the context of the ongoing Russo-Ukrainian war that started in February 2022. Ukraine’s State Service of Special Communications and Information Protection (SSSCIP) recently reported a significant rise in cyberattacks targeting critical sectors such as security, defense, and energy. In the first half of 2024, there were 1,739 recorded incidents—a 19% increase from the previous half.
Of these incidents, 48 were classified as either critical or high severity. More than 1,600 were categorized as medium severity, while 21 were deemed low severity. Notably, the number of critical incidents fell sharply from 31 in the second half of 2023 to just 3 in the first half of 2024.
Over the past two years, adversaries have shifted tactics from destructive attacks to covert operations aimed at extracting sensitive information. “In 2024, we observe a pivot in their focus toward anything directly connected to the theater of war and attacks on service providers, aimed at maintaining a low profile and sustaining a presence in systems related to war and politics,” said Yevheniya Nakonechna, head of the State Cyber Protection Centre of the SSSCIP.
The attacks have been attributed to eight different activity clusters, one of which includes a China-linked cyber espionage group identified as UAC-0027, known for deploying a malware strain called DirtyMoe for cryptojacking and DDoS attacks.
Additionally, SSSCIP has pointed out intrusion campaigns by a Russian state-sponsored hacking group named UAC-0184, which has a history of communicating with potential targets via messaging apps like Signal to distribute malware.
Persistent Threats
Another significant threat actor focused on Ukraine is Gamaredon, a Russian hacking group also known by various aliases, including Aqua Blizzard, Armageddon, and Shuckworm.
ESET, a Slovak cybersecurity firm, noted that while the physical conflict has escalated since 2022, Gamaredon’s activities have remained steady. “The group has been methodically deploying its malicious tools against targets since well before the invasion began,” the firm stated.
Among the notable malware families employed by Gamaredon is an information stealer called PteroBleed. The group also utilizes a variety of tools such as downloaders, droppers, backdoors, and other programs for payload delivery, data exfiltration, remote access, and propagation through connected USB drives.
“Gamaredon has shown resourcefulness by using various techniques to evade detection, leveraging third-party services like Telegram and Cloudflare,” remarked security researcher Zoltán Rusnák. “Despite the simplicity of its tools, Gamaredon’s aggressive approach and persistence pose a significant threat.”