Cyber Incident Victim: All-Russia State Television
Date: Mar 2023
Location: Russia
Summary
A Russian state broadcaster experienced its third television and radio hack, broadcasting false emergency warnings instructing eastern residents to take radiation pills and seek shelter because of a supposed nuclear attack. This incident followed similar false alerts, including missile threats and air raid sirens over successive weeks. The latest hack displayed maps turning red, radiation symbols, and instructions to seal premises and use protective gear, disrupting programming in multiple regions including Moscow and Yekaterinburg. The country’s emergencies ministry confirmed the warnings were hoaxes resulting from server breaches. No group claimed responsibility for the broadcasts, though Ukrainian-linked hackers previously targeted media outlets during a presidential address.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 5 motives | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On March 9, 2023, Russian television and radio broadcasts in multiple regions were hacked to issue a false emergency alert suggesting a nuclear attack. Viewers and listeners encountered alarming instructions advising them to "urgently go to a shelter," seal premises, use gas masks or cotton-gauze bandages, and "take potassium iodide pills"—medication specifically used in radiation emergencies. Broadcast interruptions included a map of Russia turning red from west to east, flashing radiation warning symbols, and explicit text messages stating: "Everyone immediately to shelter." This disruption impacted media outlets in Moscow and the Sverdlovsk region, notably affecting Yekaterinburg, Russia’s fourth-largest city. The alert lasted for a limited duration before normal programming resumed. Russia’s emergencies ministry confirmed the intrusion, attributing the false alarm to a server breach at radio stations and television channels, but did not disclose technical specifics of the compromise or restoration timeline.

The March 9 incident marked the third hoax broadcast targeting Russian media within 18 days. On February 22, a fake civil defense siren aired an "air raid alert" warning, followed by a February 28 broadcast falsely announcing a "missile threat." These disruptions occurred against a backdrop of escalating cyber operations since Russia’s full-scale invasion of Ukraine in February 2022. One day prior to the initial hoax alert—on February 21, 2023—streaming services carrying President Vladimir Putin’s state-of-the-nation address were disrupted by cyberattacks that took the broadcast offline. The IT Army of Ukraine, a hacker collective formed after the invasion, claimed responsibility for the February 21 streaming disruption, but no group publicly claimed the subsequent television and radio hacks. Institutional responses remained limited to the emergencies ministry’s confirmation of server breaches, with no further public remediation details or perpetrator attribution released during the immediate aftermath of the March 9 incident.
