Cyber Incident Victim: All-Russia State Television
Date:
Feb 2023
Location:
Russia
Summary
During a televised speech, a suspected DDoS attack disrupted the websites of a major Russian broadcaster and its streaming platform, causing outages and technical errors during the broadcast. The IT Army of Ukraine claimed responsibility, stating they targeted channels showing the event; the group, formed following Ukrainian government calls for cyber support, coordinates volunteer-driven DDoS attacks against Russian digital infrastructure, resulting in sporadic service interruptions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On February 21, 2023, multiple platforms broadcasting Russian President Vladimir Putin's state of the nation address experienced disruption, reportedly due to a distributed denial-of-service (DDoS) attack. Websites operated by the All-Russia State Television and Radio Broadcasting Company (VGTRK) and the Smotrim live-streaming platform became intermittently inaccessible to journalists in various locations during the speech. The Smotrim site failed to load entirely for some users, while VGTRK displayed an error message indicating ongoing "technical works." Though Reuters noted it could not independently verify the cause of the outages, Russian state news agency RIA Novosti attributed the disruptions to malicious online actors. Ukrainian hacktivist group IT Army of Ukraine publicly claimed responsibility via a Twitter post, stating, "Great job! We launched a DDoS attack on channels showing Putin's address to the federal assembly: 1TV, VGTRK and Smotrim." The group linked its efforts to geopolitical conflict, concluding the message with "Slava Ukraini" (Glory to Ukraine).
The IT Army of Ukraine emerged early in the 2022 Russian invasion following public calls by Ukrainian Vice Prime Minister Mykhailo Fedorov for digital volunteers to target Russian entities. The group selects targets and coordinates attacks through its Telegram channel, leveraging widely available DDoS-for-hire tools to overwhelm websites with traffic. Similar attacks previously disrupted Russia's alcohol distribution portal, Moscow Stock Exchange, and multiple banking institutions. Concurrently, pro-Russian hacktivist groups like Killnet have claimed attacks against U.S. airports, Lithuanian and Japanese government sites, and healthcare facilities in the U.S. and Netherlands. While definitive attribution remains challenging, the VGTRK incident aligns with a pattern of reciprocal cyber activities tied to the conflict, combining grassroots hacktivism with readily accessible attack methods to achieve sporadic but symbolically significant disruptions. No organizational responses or containment measures from VGTRK or Russian authorities were detailed in available reports following the broadcast interruption.