Ukrainian hackers celebrate Putin’s birthday with two high-profile attacks

Two hacking attacks apparently related to Russian President Vladimir Putin’s birthday targeted the country’s leading state media provider and websites linked to its court and judicial system.

According to Gazeta, a Russian news agency, VGTRK, the provider of leading Russian state media, suffered the attack late Sunday into Monday. The attack was first announced by the hacker group “sudo rm-RF” on its X account early Monday morning. Around the same time, a group calling itself “BO Team” claimed responsibility for the attack on the justice system on its Telegram channel.

“Happy birthday d–khead,” BO Team wrote, according to a machine translation. The same message was included in the sudo rm -RF X announcement. Putin turned 72 on Monday.

VGTRK did not immediately respond to a request for comment on Monday, but TASS, another Russian state news agency, quoted the company as saying that while the attack was “unprecedented,” “no significant damage was caused.” News outlets’ websites appeared to be back up and running as of early Monday afternoon, but the Justice website remained inaccessible.

Russian officials told reporters that the VGTRK attack was significant.

“Our state media holding, one of the largest, has been subjected to an unprecedented hacker attack on its digital infrastructure,” Kremlin spokesman Dmitry Peskov told reporters, according to Reuters. Maria Zakharova, a spokeswoman for the Russian Foreign Ministry, said Moscow would raise the issue “in all international forums,” the news agency reported.

Sudo rm-RF, a pro-Ukrainian hacking group, claimed previous hacks on RuTube in 2022 and MosgorBTI in 2023, according to Oleg Shakirov, a doctoral student at Johns Hopkins University’s School of Advanced International Studies and Russian cyber policy expert .

Shakirov told CyberScoop in an online chat on Monday that the full extent of the attack on VGTRK was unknown, but there was evidence that it was “significant” and allegedly contained destructive elements. The group’s attack on MosgorBTI, Moscow’s real estate registration system, required the creation of an entirely new website, Shakirov said.

The attack on the courts targeted a centralized system called GAS Pravosudie, which had been inaccessible since early Monday morning.

“The attack on the court system has received much less attention than the one on VGTRK, but it can have serious consequences,” Shakirov said, pointing out that the system “is quite large and is not used only for public information.” So far there have been “only reports of access to websites and no indication that the work of the courts has been disrupted in any way,” he said.

The BO team claimed responsibility for a series of destructive cyberattacks last year related to Ukraine’s defense against Russian attacks. In August, for example, the group claimed responsibility for an attack on an internet provider that provided services to a Russian nuclear contractor in the city of Snezhinsk, one of Russia’s “closed” cities involved in the country’s nuclear program.

This and other attacks reportedly involved cooperation with the Defense Intelligence Agency of Ukraine (GUR). The agency has acknowledged cyberattacks on Russian targets in the past in collaboration with the BO team.

The agency has conducted more than 100 “large-scale cyber operations” in Russia since the full-scale invasion began, the agency said in a statement on its website, as part of its mission to collect intelligence and “damage and harm the country destroy”. enemy equipment used for the transmission of information or the functioning of the financial and economic activities of certain institutions or companies.”

The agency did not immediately respond to a request for comment Monday.