Ukrainian hackers celebrate Putin’s birthday with two high-profile attacks

A pair of hacking operations seemingly tied to Russian President Vladimir Putin’s birthday targeted the country’s top state media provider and the websites associated with its court and judicial system. 

VGTRK, the provider of top Russian state media outlets, suffered the attack late Sunday into Monday, according to Gazeta, a Russian news outlet. The attack was first announced early Monday morning by the “sudo rm-RF” hacking group on its X account. Around the same time, a group calling itself “BO Team” claimed responsibility on its Telegram channel for the attack on the judicial system. 

“Happy birthday, d–khead,” BO Team wrote, according to a machine translation. The same message was included in the sudo rm -RF X announcement. Putin turned 72 on Monday.

VGTRK did not immediately respond to a request for comment Monday but TASS, another state-owned Russian news outlet, quoted the company as saying that while the attack was “unprecedented,” there was “no significant damage done.” The news outlets’ websites seemed to be back up and running as of early afternoon Monday, but the judicial website remained inaccessible.

Russian officials told reporters that the VGTRK attack was significant.

“Our state media holding, one of the largest, has faced an unprecedented hacker attack on its digital infrastructure,” Kremlin spokesman Dmitry Peskov told reporters, according to Reuters. Maria Zakharova, a spokeswoman for the Russian Foreign Ministry, said Moscow would raise the issue “in all international forums,” the news outlet reported.

A pro-Ukrainian hacking group, sudo rm-RF had claimed previous hacks on RuTube in 2022 and MosgorBTI in 2023, according to Oleg Shakirov, a PhD student at Johns Hopkins University’s School of Advanced International Studies and and a Russian cyber policy expert.

Shakirov told CyberScoop in an online chat Monday that the full extent of the attack on VGTRK is unknown, but indications are that it “is significant” and reportedly included destructive elements. The group’s attack on MosgorBTI, Moscow’s property registration system, required a new website to be built from scratch, Shakirov said.

The attack on the courts targeted a centralized system called GAS Pravosudie, he added, which has been inaccessible since early Monday morning. 

“The attack on the courts system has received much less attention than the one on VGTRK but can have serious implications,” Shakirov said, noting that the system is “quite big and used not only for public info.” So far there have “only been reports about access to websites and no evidence that the work of courts was disrupted in any way,” he said.

BO Team has claimed responsibility for a series of destructive cyberattacks over the past year in the context of defending Ukraine against Russian assault. In August, for instance, the group claimed responsibility for an attack on an internet provider that serviced a Russian nuclear contractor in the city of Snezhinsk, one of Russia’s “closed” cities involved in the country’s nuclear program.

That attack and others have reportedly included collaboration with the Defense Intelligence of Ukraine (GUR). The agency has in the past acknowledged cyberattacks on Russian targets in collaboration with BO Team. 

The agency has carried out more than 100 “large-scale cyber operations” in Russia since the beginning of the full scale invasion, the agency said in a message on its website, as part of its mission to collect intelligence and “damage and destroy the enemy’s equipment used for transmitting information or for the functioning of the financial and economic activities of specific institutions or companies.”

The agency did not immediately respond to a request for comment Monday.