Cyber Incident Victim: Amtel-Svyaz
Date:
Feb 2023
Location:
Russia
Summary
Hackers targeted Russian regional broadcasters, causing false air raid warnings that urged citizens to seek shelter due to alleged missile threats, which authorities attributed to server breaches. Separately, state television websites experienced outages during a presidential address, reportedly due to DDoS attacks, disrupting public access to official broadcasts. Another unrelated incident involved a hacker group defacing various commercial websites with anti-war imagery and messages, including a burning Kremlin and politically charged content.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On February 21, 2023, Russian state media websites experienced disruptions during President Vladimir Putin's address to parliament. The All-Russia State Television and Radio Broadcasting Company (VGTRK) website and Smotrim live-streaming platform became inaccessible in multiple locations, displaying messages about technical maintenance. State-run RIA Novosti attributed the outage to a distributed denial-of-service (DDoS) attack, though Reuters could not independently verify this claim. The incident occurred despite prior technical preparations highlighted in state TV segments, which had emphasized seamless broadcast distribution across major channels. This disruption preceded a series of cyber incidents coinciding with the first anniversary of Russia's invasion of Ukraine.
The following day, on February 22, 2023, commercial radio stations across multiple Russian regions broadcast unauthorized air raid alerts warning citizens of an imminent missile strike. The automated message instructed listeners to seek immediate shelter, stating: "Attention! Attention! The threat of a missile strike." Russia's Ministry of Emergency Situations quickly denounced the alerts as false via Telegram, attributing them to a hacker attack on radio station servers. The incident caused public confusion, prompting official reassurances to rely only on government sources. This marked at least the second major broadcast compromise since May 2022, when Russian television channels displayed anti-war messages during Victory Day celebrations. Concurrently, hacker group CH01 launched website defacements on February 24, replacing content with imagery of the Kremlin burning and linking to protest messages via QR codes. While distinct from the radio intrusion, these actions formed part of broader cyber activities surrounding the invasion anniversary, mirroring previous hacktivist operations like the Ukraine IT Army's disruptions. The Russian government maintained its narrative of external cyber aggression while facing accusations of conducting similar operations against Ukraine and NATO states.