Cyber Incident Victim: Dozor
Date:
Feb 2023
Location:
Russia
Summary
A hacker attack disrupted Russian broadcast systems, triggering false air raid warnings across regional radio stations that instructed civilians to seek shelter due to an alleged missile threat, which authorities subsequently denounced as fabricated disinformation. Separately, state television websites experienced outages during a critical government address, reportedly due to a distributed denial-of-service attack, undermining official communications channels. The incidents collectively impacted media integrity and public safety messaging.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On February 21, 2023, multiple Russian state media websites broadcasting President Vladimir Putin’s parliamentary address experienced outages during the live stream. The All-Russia State Television and Radio Broadcasting Company (VGTRK) and Smotrim live-streaming platforms displayed error messages, with VGTRK citing "technical works" and Smotrim failing to load entirely. Russia’s state-run RIA Novosti news agency attributed these disruptions to a distributed denial-of-service (DDoS) attack, though Reuters could not independently verify this claim. The incident occurred shortly after state channels aired segments detailing technical preparations for the broadcast, emphasizing its nationwide coverage. This followed a pattern of cyber disruptions targeting Russian state media, as seen in a prior May 2022 incident where anti-war slogans interrupted Victory Day broadcasts.
The following day, on February 22, commercial radio and television stations across several Russian regions broadcast unauthorized air raid alerts warning citizens of an imminent missile strike. Listeners and viewers received messages urging immediate evacuation to shelters, with translations including: "Attention! Attention! The threat of a missile strike." Russia’s Ministry of Emergency Situations swiftly dismissed the alerts as false, attributing the incident to a "hacker attack" on the servers of regional broadcasters. Officials emphasized reliance on official channels for accurate information but did not disclose technical details of the intrusion or attribution. Separately, on February 24, hacker group CH01 defaced at least 32 Russian commercial websites—including businesses in agriculture, hospitality, and manufacturing—replacing content with a video depicting the Kremlin burning alongside a song by Russian rock band Kino. The group claimed responsibility via a linked Telegram channel, citing opposition to Russia’s invasion of Ukraine. Most defaced sites remained compromised for over 12 hours before restoration. These incidents occurred amid heightened cyber activity linked to the conflict, reflecting broader trends of politically motivated disruptions targeting Russian infrastructure.