The pro-Ukrainian hacktivist group ‘sudo rm -RF’ on Monday claims to have successfully targeted Russian State media company VGTRK, knocking at least 20 national stations off the air – all as a birthday surprise for Russian President Vladimir Putin.
The unprecedented cyberattack took place early Monday morning, with reports of broadcasts being suddenly interrupted at 5:12 a.m. local time in Moscow. This disrupted more than 20 media channels, including Radio Russia and TV news stations Russia 1 and 24.
A source told local media that the anonymous hackers “erased everything from the servers, including backup copies” from VGTRK’s networks.
The attacks purposefully coincided with Putin’s 72nd birthday on October 7th.
VGTRK – the All-Russia State Television and Radio Broadcasting Company – owns and operates the country's main national TV stations, 79 regional broadcasts, multiple radio stations, and the SMOTRIM internet platform, which combines all its media assets to be viewed in one place.
According to its website, it is the largest corporation in Russia.
Independent Russian news outlet The Agency reported that from about 6:00 to 10:25 a.m., the 24-hour news channel Rossiya 24 (Russia 24) was only showing archived videos, with many of them Crimea-related.
Sudo rm -RF posted about Monday’s attack on its X account, captioning the post simply “Happy Birthday, F*#%k,” tagging the media company and others, with the hashtags “cyberarmy,” “Ukraine,” “UkraineRussiaWar,” and “RussiaIsATerroristState.”
Happy Birthday, хуйло @vgtrk @YourAnonNews @cpartisans @KevinRothrock @skazal_on @berlinerzeitung @LeMagIT @NatSecGee @campuscodi #cyberarmy #Ukraine #UkraineRussiaWar #RussiaIsATerroristState pic.twitter.com/vrKS0dtXJg
sudo rm -RF (@sudormRF6) October 7, 2024
Sources in Russia paint a picture
In a statement to reporters, Kremlin spokesman Dmitry Peskov said state media was working to overcome "one of the largest, unprecedented hacker attacks on its digital infrastructure."
"Specialists are working to find out all the circumstances, to understand where the traces left behind by those who organized this hacker attack on the critical infrastructure object lead."
Alexander Plyushchev, a Russian journalist currently based in Vilnius, the capital of Lithuania, reported on his Telegram channel that sources inside Russia told him, “The entire news complex of Russia 1 on Yamskoye Field has not been working since 5 a.m.”
The post continued, “The central controller and all servers have flown. The graduation teams have left for Shabolovka,” (a known street in the Moscow city center where the state media’s broadcast radio towers are located).
Another source reportedly told Plyushchev that Monday’s news broadcasts were recorded in a backup studio because “the central controller and all the servers crashed.”
"Online broadcasting and internal services are down and even the internet and telephony are not working. It's going to take a long time to fix," another source told Russia’s Gazeta news.
The source added that the media company had been “working in lockdown since six in the morning. The problem is very serious and recovery will take a long time."
Online broadcasts of several major VGTRK channels have been disrupted by a major cyber attack. The attack was announced by sudo rm -RF, the pro-UA group that previously claimed responsibility for the notorious hacks of RuTube in 2022 & MosgorBTI in 2023 https://t.co/ivLIrXH6QQ pic.twitter.com/1VfUHzV4RY
Oleg Shakirov (@shakirov2036) October 7, 2024
No strangers to hacking Kremlin
Monday’s massive cyberattack has been reported to show similarities to another hack allegedly carried out by the pro-Ukrainian group in 2022 of Russia’s version of YouTube, aka RuTube, which lasted several days and “completely removed” the site’s code.
Sudo rm -RF was also said to be responsible for the August 2023 hack of Russia's MosgorBTI, the Moscow Real Estate Registration Bureau. In that hack, the group was alleged to have gained unauthorized access to sensitive property data that was then passed along to Ukrainian government officials.
A Ukrainian government source also attributed the large-scale incident to the Kyiv hackers, according to Reuters.
The name “sudo rm -RF” also echoes a command line familiar to macOS, Linux, and Unix users: sudo runs a command with temporarily elevated privileges, and rm with its recursive and force options permanently deletes entire directories in one fell swoop, with little chance of recovery.
Not surprisingly, the Russian state media company VGTRK told a slightly different story in a post on their social media account, translated from Russian.
“On the night of October 7th, VGTRK online services were subjected to an unprecedented hacker attack, but no significant damage was done to the media holding,” the Kremlin-owned media conglomerate said.
“Despite attempts to interrupt the broadcasting of federal TV channels and radio stations of the holding, everything is working as usual, there is no significant threat. The holding's specialists are working to eliminate the consequences of this malicious interference,” it said.
The spokeswoman for the Russian Foreign Ministry, Maria Zakharova, told reporters Monday that Russian media had long since become targets for what she called "the collective West" and that what had happened was part of "a hybrid war," Reuters said.
Zakharova also warned that Russia would bring up the attack at all future international forums, specifically mentioning UNESCO, the UN’s freedom of speech agency.