Pro-Ukrainian hackers target Russian state television on Putin's birthday.

Ukraine has taken responsibility for a cyber attack targeting the Russian state media company VGTRK, disrupting its operations, as reported by Bloomberg and Reuters.

The incident occurred on the night of October 7, with VGTRK labeling it an "unprecedented hacker attack." However, the company stated that it suffered "no significant damage" and that its systems were functioning normally despite attempts to disrupt radio and television broadcasts.

In contrast, Russian media outlet Gazeta.ru reported that the hackers had erased "everything" from the company’s servers, including backups, citing an anonymous source.

A source informed Reuters that "Ukrainian hackers 'congratulated' Putin on his birthday with a large-scale attack on the all-Russian state television and radio broadcasting company." The attack is believed to have been carried out by a pro-Ukrainian hacker group known as Sudo rm-RF. The Russian government has announced an ongoing investigation, framing the incident as part of the West's anti-Russian agenda.

This incident is part of a broader pattern of cyber attacks affecting both Russia and Ukraine amid the ongoing Russo-Ukrainian war that began in February 2022.

According to a report from Ukraine's State Service of Special Communications and Information Protection (SSSCIP) published last month, there has been a rise in cyber attacks targeting the security, defense, and energy sectors, with 1,739 incidents recorded in the first half of 2024, an increase of 19% from 1,463 in the previous half. Among these incidents, 48 were classified as critical or high severity. Over 1,600 attacks were rated as medium, while 21 were deemed low severity. Notably, the number of critical severity incidents dropped from 31 in the second half of 2023 to just 3 in the first half of 2024.

Over the past two years, adversaries have shifted from executing destructive attacks to establishing covert access for extracting sensitive information.

"In 2024, we are observing a shift towards targeting anything directly related to the theater of war and attacks on service providers, aiming for low-profile presence in systems tied to war and politics," stated Yevheniya Nakonechna, head of the State Cyber Protection Centre of the SSSCIP.

"Hackers are now focusing on areas crucial for the success and support of military operations rather than merely exploiting vulnerabilities."

The attacks have been attributed to eight distinct activity clusters, including a China-linked cyber espionage group known as UAC-0027, which has been detected using a malware strain called DirtyMoe for cryptojacking and DDoS attacks.

SSSCIP has also pointed to intrusion efforts by a Russian state-sponsored hacking group known as UAC-0184, which is recognized for initiating contact with potential targets via messaging apps like Signal to distribute malware. Another persistent threat to Ukraine is Gamaredon, a Russian hacking group also referred to by various names such as Aqua Blizzard, Armageddon, and Trident Ursa.

"While the physical conflict's intensity has significantly increased since 2022, Gamaredon's level of activity has remained steady; the group has systematically deployed its malicious tools against targets since before the invasion began," noted Slovak cybersecurity firm ESET.

Among the malware families used is an information stealer called PteroBleed. Gamaredon also utilizes a range of downloaders, droppers, backdoors, and other ad hoc programs to facilitate payload delivery, data exfiltration, remote access, and propagation through connected USB drives.

"Gamaredon has shown resourcefulness by employing various techniques to evade detection, using third-party services like Telegram, Cloudflare, and ngrok," said security researcher Zoltán Rusnák. "Despite the relative simplicity of its tools, Gamaredon's aggressive tactics and persistence pose a significant threat."

Credit: TheHackerNews.