Cyber Incident Victim: Russian Federation
Date: Feb 2023
Location: Russia
Summary
Cyber attacks targeting Russian media and websites disrupted operations. In one incident, a hack caused regional radio stations to broadcast false air raid warnings instructing citizens to seek shelter from alleged missile strikes; authorities attributed the broadcasts to a hacker attack on radio station servers. Separately, a DDoS attack temporarily took down state television websites during a key presidential address. Additionally, the newly emerged hacker group CH01 defaced multiple commercial websites, replacing content with politically motivated imagery such as the Kremlin on fire and linking to protest messages, while using symbolic Russian music to amplify its anti-regime stance. Together, these incidents involved service interruptions, dissemination of fabricated alerts causing public concern, and defacements promoting anti-war narratives.
Description
On February 21, 2023, Russian state media websites experienced outages during President Vladimir Putin's address to parliament. The All-Russia State Television and Radio Broadcasting Company (VGTRK) website and the Smotrim live-streaming platform became inaccessible in multiple locations, displaying messages about technical maintenance. State-run RIA Novosti attributed the disruption to a distributed denial-of-service (DDoS) attack, though Reuters could not independently verify this claim. The incident occurred despite prior technical preparations highlighted in state TV segments emphasizing the nationwide broadcast coverage. This outage coincided with Putin's speech announcing Russia's suspension of the New START nuclear treaty and blaming Western nations for initiating the Ukraine conflict. The timing underscored the operational vulnerability of critical information dissemination systems during high-profile government events.

The following day (February 22), commercial radio stations across multiple Russian regions broadcast unauthorized air raid alerts warning citizens of an imminent missile strike and instructing them to seek shelter immediately. Russia’s Ministry of Emergency Situations declared the alerts false, attributing them to a hacker attack on radio station servers. The fabricated message, which stated, "An air alert is being announced. Everyone, go to the shelters immediately. Attention! The threat of a missile strike," caused temporary public alarm. This incident mirrored a May 2022 hack of Russian television broadcasts that displayed anti-war messages during Victory Day celebrations.

Separately, on February 24—the anniversary of Russia's invasion of Ukraine—the newly formed hacker group CH01 defaced at least 32 Russian websites, replacing content with a video showing the Kremlin burning and a song by Russian rock band Kino. The defacements included a QR code linking to a Telegram channel where CH01 claimed responsibility, citing opposition to Putin's regime and solidarity with Ukraine. Affected entities spanned commercial sectors, including a bakery, agricultural distributors, and a restaurant technology provider. Most websites remained defaced for over 12 hours before restoration.

These coordinated disruptions demonstrated persistent vulnerabilities in Russian digital infrastructure amid heightened geopolitical tensions.
