Cyber Incident Victim: Rublev

Date: Mar 2015

Location: Russia

Summary

A Russian Orthodox Christian search engine and social network named Rublev suffered a distributed denial-of-service (DDoS) attack shortly after its public launch, disrupting services and knocking the platform offline within hours. The attack overwhelmed the server with excessive requests, causing prolonged operational issues despite partial restoration efforts. The religious-focused platform, designed to filter offensive content and connect users with faith-based resources, remained partially impaired with some tools non-functional following the incident. Attackers responsible for the DDoS remained unidentified, a common challenge given the use of compromised systems to mask their origin. The disruption prompted public updates from the project's creator, who expressed surprise and frustration over the incident.

Description

The Russian Orthodox search engine "Rublev" experienced a distributed denial-of-service (DDoS) attack approximately five hours after its public launch on March 5, 2015. Developed over two years by Russian film director Yuri Grymov, the platform aimed to serve Russian Orthodox Christians by providing search results filtered to exclude offensive content, along with religious news, interviews with clergy, and social networking capabilities. The service operated exclusively in Russian with no announced plans for multilingual support at launch. Attackers overwhelmed Rublev's servers with excessive traffic requests, causing significant service disruption that rendered the platform nearly inoperable. Grymov confirmed via a blog post two days post-incident that core website functions had been largely restored, though ancillary tools and services remained impaired. The attack's timing during Rublev's critical launch phase maximized operational disruption, preventing user adoption and testing of its unique content-filtering system, which blocked searches for terms like "smut" by returning biblical commandments instead of results.

The DDoS attack prevented Rublev from fulfilling its intended role as a religious-oriented alternative to mainstream search engines during its initial operational window. Service restoration efforts consumed administrative resources that would otherwise have supported platform optimization and user outreach. Grymov utilized his Facebook account, which had over 3,500 followers, to provide incident updates, expressing both surprise and frustration at the targeting of a non-commercial religious project. Attackers leveraged compromised computer networks to generate traffic floods, a common DDoS methodology available through cybercrime services for rates as low as $150 for eight-hour attacks. No attribution details emerged regarding the perpetrators, consistent with the anonymizing nature of botnet-based attacks. The incident highlighted vulnerabilities in the platform's infrastructure despite its specialized focus, with prolonged partial outages undermining user confidence during Rublev's critical first-week operations. Functional limitations persisted days after the initial attack, though Grymov's public communications emphasized ongoing recovery efforts without specifying technical countermeasures or long-term mitigation strategies.
