Cyber Incident Victim: OLL.TV
Date:
Jun 2022
Location:
Ukraine
Summary
A cyberattack attributed to Russian-aligned actors compromised a Ukrainian online television broadcaster during a national football team's World Cup qualifying match. Hackers infiltrated a content delivery network node, redirecting traffic to display Russian propaganda messages instead of the scheduled sports coverage. The broadcaster temporarily halted transmissions to mitigate the disruption and restore legitimate service. This incident occurred amid broader cyber operations targeting Ukrainian infrastructure, including attempts to breach officials' mobile devices, though no successful phone compromises were confirmed. The attack exemplified ongoing efforts to disrupt communications and spread disinformation alongside conventional military actions in the conflict.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 5, 2022, during a critical World Cup qualifying playoff match between Ukraine and Wales, Russian-aligned threat actors executed a cyberattack targeting Ukrainian broadcasting infrastructure. The attackers compromised a content delivery network (CDN) node used by Ukrainian online television provider OLL.TV, rerouting broadcast traffic to substitute the live sports coverage with Russian propaganda content. Social media evidence confirmed the unauthorized transmission of pro-Russian messaging across OLL.TV's channels during the match, which Ukraine ultimately lost 0-1. Ukrainian cybersecurity authorities from the State Service of Special Communications and Information Protection (SSSCIP) detected the intrusion and initiated an emergency response, temporarily halting the broadcast to terminate malicious traffic flows and restore legitimate service. The disruption occurred amid heightened tensions as Ukraine competed for World Cup qualification while defending against Russia's ongoing invasion.
The incident formed part of a broader pattern of Russian cyber operations against Ukrainian media and government systems during the conflict. SSSCIP Deputy Head Victor Zhora publicly attributed the attack to Russian threat actors, noting concurrent attempts to compromise mobile devices belonging to Ukrainian officials through malware distribution campaigns. While SSSCIP confirmed awareness of potential "zero-click" exploit risks like Pegasus spyware, they reported no verified successful breaches of officials' phones at that time. The CDN compromise demonstrated tactical coordination with military aggression, occurring three months after Russia's full-scale invasion had already displaced millions of Ukrainians. By disrupting a nationally significant sporting event and replacing it with propaganda, the attack extended psychological operations beyond traditional battlefields into civilian digital spaces, though Ukrainian authorities contained the intrusion within the broadcast timeframe without reported collateral damage to other critical infrastructure sectors.