Cyber Incident Victim: RuTube
Date:
May 2022
Location:
Russia
Summary
A Russian video streaming platform suffered a cyberattack coinciding with a national military celebration, resulting in extended downtime across its website and mobile applications. The victim denied claims of source code or video archive loss, asserting that restoration efforts were underway with external security support, though attackers allegedly compromised significant portions of its infrastructure. Concurrently, hackers defaced Russian TV schedules to display anti-war messages accusing authorities of lying about the Ukraine conflict. While no group claimed responsibility, the incidents were attributed to pro-Ukrainian hacktivists targeting symbolic dates. Technical recovery complexities delayed service restoration despite assurances that user data remained unaffected.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 9, 2022, coinciding with Russia’s Victory Day military parade, Russian video streaming platform RuTube suffered a cyberattack that forced it offline. The platform, owned by Gazprom-Media and described as a Russian alternative to YouTube, displayed a message stating the site was undergoing technical work due to the attack. Concurrently, hackers defaced online Russian TV schedules, replacing program names with anti-war messages accusing the Kremlin of lying about the Ukraine conflict and stating, "On your hands is the blood of thousands of Ukrainians and their hundreds of murdered children." These altered schedules were indexed by search engines like Google and Yandex, amplifying their visibility. RuTube confirmed the cyberattack via Telegram, characterizing it as "powerful" but unspecified in nature, affecting all platforms including mobile and smart TV apps. The service asserted that user content, video archives, and source code remained intact, contradicting claims by the hacktivist group Anonymous, which alleged near-total destruction of databases and backup infrastructure. RuTube engaged cybersecurity firm Positive Technologies to assist in recovery efforts, though initial restoration timelines proved overly optimistic due to the attack’s scale.
The incident caused extended service disruption, with RuTube remaining offline until May 12. During this period, the platform emphasized that petabytes of archival data and hundreds of servers required meticulous restoration, dismissing Anonymous’s "gloomy forecasts" as inaccurate. While no group claimed responsibility, the timing aligned with heightened hacktivist activity targeting Russian infrastructure during the Ukraine conflict, particularly on symbolically significant dates. The TV schedule defacement and RuTube outage collectively demonstrated operational impacts: RuTube’s 3 million monthly visitors (per one source; another cited 25 million active users) lost access, while the TV hack leveraged search engines to broadcast anti-war messages beyond the original defacement. RuTube’s restoration efforts focused on rebuilding file systems and databases for remote environments, maintaining throughout that core assets like source code and video libraries were uncompromised. The attacks underscored the persistent cyber threats facing Russian digital assets during the wartime period.