Ukraine has claimed responsibility for a cyber attack targeting the Russian state media company VGTRK and disrupting its operations, according to a report from Bloomberg and Reuters.
The incident took place on the night of October 7, VGTRK confirmed, describing it as an “unprecedented hacking attack”. However, it said there was no “significant damage” and that everything was operating normally, despite attempts to disrupt radio and television broadcasts.
Citing an anonymous source, the Russian publication Gazeta.ru reported that hackers wiped “everything” from the company’s servers, including backups.
A Reuters source reported that “Ukrainian hackers ‘congratulated’ Putin on his birthday by conducting a large-scale attack on the All-Russian State Broadcasting Company.”
The attack is believed to be the work of a pro-Ukrainian hacker group called Sudo rm-rf. The Russian government has since said that the investigation into the attack continues and that it “coincides with the anti-Russian agenda of the West.”
This event comes amid ongoing cyber attacks against Russia and Ukraine against the backdrop of the Russia-Ukraine war that began in February 2022.
The State Service for Special Communications and Information Protection of Ukraine (SSSCIP) said in a report published late last month that there was an increase in the number of cyber attacks targeting the security, defense and energy sectors, with 1,739 incidents reported in the first half of 2024, up 19% from 1,463 in the previous half.
Forty-eight of these attacks were rated as either critical or very serious. More than 1,600 incidents were classified as medium and 21 were listed as low severity. The number of critical level incidents fell from 31 in the second half of 2023 to 3 in the first half of 2024.
Over the past two years, adversaries have moved from conducting devastating attacks to establishing covert footholds to extract sensitive information, the agency said.
“In 2024, we see a shift in their attention to everything that is directly related to the theater of war and attacks on service providers – aimed at maintaining restraint, maintaining a presence in systems related to war and politics,” said Yevgenia Nakanechno, head of the State Cyber Defense Center of the National Security Agency.
“Hackers are no longer simply exploiting vulnerabilities wherever they can, but are now targeting areas critical to the success and support of their military operations.”
The attacks are largely attributed to eight different clusters of activity, one of which includes a China-linked cyberespionage actor tracked as UAC-0027, which was spotted deploying a malware strain called DirtyMoe to carry out cryptojacking and DDoS attacks.
SSSCIP has also covered intrusion campaigns organized by a Russian state hacking group called UAC-0184, citing its practice of initiating communications with potential targets using messaging programs such as Signal in order to spread malware.
Another threat actor that has focused on Ukraine is Gamaredon, a Russian hacking group also known as Aqua Blizzard (formerly Actinium), Armageddon, Hive0051, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, UAC-0010, UNC530, and Winterflounder.
“The intensity of the physical conflict has increased markedly since 2022, but it is worth noting that Gamaredon’s level of activity has remained unchanged – the group has been methodically deploying its malicious tools against its targets long before the invasion began,” Slovak cybersecurity company ESET said in an analysis.
Notable among the malware families is an information stealer called PteroBleed, which also relies on an arsenal of bootloaders, loaders, weaponizers, backdoors, and other special programs to facilitate payload delivery, data theft, remote access, and distribution via connected USB drives.
“Gamaredon has also shown resourcefulness by using various methods to evade network detections using third-party services such as Telegram, Cloudflare and ngrok,” said security researcher Zoltan Rusnak. “Despite the relative simplicity of the tools, Gamaredon’s aggressive approach and persistence make it a significant threat.”