Problems with access to the web resources of Kommersant, Forbes, Izvestia and TASS began to appear simultaneously around 14:00 Moscow time on Monday, February 28. Some media sites turned out to be inaccessible; on others, users saw a propaganda message with the emblem of the Anonymous hacker group. The message was addressed to the citizens of Russia, the authors urged to stop sending the military to the territory of Ukraine, comparing the operation in this country with the Chechen campaign.
Editorial representatives told Vedomosti that they had nothing to do with the publication of these messages. “The official website of our agency was hacked and hacked. The attackers posted on it information that does not correspond to reality, ”a TASS representative told Vedomosti. “Right now we are doing everything to fix the problems as soon as possible,” added the Izvestia representative.
Subsequently, the hacker group confirmed its involvement in the attack by posting a screenshot on their Twitter with a message from the hackers on the TASS website.
Anonymous is one of the largest international networks of hacktivists, which since 2003 has been carrying out hacker attacks on various resources in protest against certain actions in various countries of the world. In February, the group tweeted about a cyber war against the Russian government over a special operation in Ukraine, claiming responsibility for a DDoS attack on RT.
A representative of Roskomnadzor said that “a hybrid war is currently being waged against Russia, which includes elements of information confrontation, as well as regular cyber attacks.” The solution to the problem of attacking media sites, according to him, “is in the area of responsibility of information security specialists.” The interlocutor also noted that the duty services of the Center for Monitoring and Control of the Public Communications Network (CMU SSOP) “have been transferred to high alert mode, interacting with the National Coordination Center for Computer Incidents to counter attacks on critical information infrastructure.” Prompt notification of telecom operators about information security incidents and coordination of their activities to counter cyber threats are provided, he stressed.
Vedomosti also sent a request to the Ministry of Internal Affairs.
“Such attacks require not so many competencies on the part of the attacker. Now the resources of many Russian companies are being attacked by cybercriminals. The main motive for such attacks is hacktivism in order to suspend the site and interrupt information exchange,” says Egor Valov, head of Anti-DDoS and WAF at Rostelecom-Solar.
Most likely, the attackers discovered weaknesses in the information systems of the sites of the attacked media. If these vulnerabilities are not fixed, then with a high degree of probability the attacks can be repeated, Karen Kazaryan, chief analyst of the Russian Association for Electronic Communications (RAEC), told Vedomosti. He added that despite the fact that from time to time law enforcement officers hold hackers accountable for such attacks, these cases [привлечения к ответственности] are single.
Vadim Perevalov, a lawyer and a member of the commission for the legal support of the digital economy of the Moscow branch of the Russian Bar Association, also doubts that hackers will be punished. Article 272 of the Criminal Code of the Russian Federation provides for imprisonment of up to two years for such attacks, and if it is proved that the perpetrators acted by prior conspiracy, then imprisonment could follow as early as five years, he added. “But bringing hackers to justice will require the collection of evidence in various countries of the world, which usually requires the coordinated work of law enforcement agencies in different countries,” the lawyer said.