The cyber attack that disrupted operations at Russian state media organization VGTRK has been attributed to Ukraine, according to reports from Bloomberg and Reuters.
VGTRK confirmed the incident, which occurred on the night of October 7, calling it an “unprecedented hacker attack” and stating that although attempts were made to disrupt radio and TV broadcasts, no significant damage was caused, and operations continued normally.
However, Gazeta.ru, citing an anonymous source, reported that the hackers, identified as Sudo rm-RF, wiped all data from VGTRK’s servers, including backups.
According to Reuters, Ukrainian hackers carried out the attack on Russian state TV as a “congratulatory” gesture to Putin on his birthday.
The Russian government is investigating the cyber attack and claims the incident is in line with the West’s anti-Russian stance.
These events occur amidst a series of cyber attacks directed at both Russia and Ukraine since the beginning of the Russo-Ukrainian war in February 2022.
The State Service of Special Communications and Information Protection of Ukraine reported a rise in cyber attacks targeting security, defense, and energy sectors, with 1,739 incidents recorded in the first half of 2024, marking a 19% increase from the previous half.
Among these incidents, 48 were classified as critical or high in severity, with a decrease in the number of critical incidents from 31 in H2 2023 to 3 in H1 2024.
Adversaries have transitioned from destructive attacks to maintaining covert footholds for extracting sensitive information, focusing on strategic targets related to war and politics, according to Yevheniya Nakonechna, head of the SSSCIP’s State Cyber Protection Centre.
The attacks have been linked to various threat actors, including UAC-0027, a China-affiliated cyber espionage group using the DirtyMoe malware for cryptojacking and DDoS activities.
SSSCIP also identified intrusion campaigns by UAC-0184, a Russian state-sponsored hacker group communicating with targets via messaging apps like Signal to distribute malware.
A persistent hacker group, Gamaredon, has remained active in cyber attacks against Ukraine, utilizing tools like PteroBleed for data theft, backdoors, and other programs to compromise targets.
Despite the escalation in physical conflict since 2022, Gamaredon’s operations have proceeded methodically, showcasing a continuous threat with agility in evading detection.
Security researcher Zoltán Rusnák highlighted Gamaredon’s resourcefulness in deploying diverse evasion tactics using services like Telegram, Cloudflare, and ngrok to sustain its malicious activities.


