Russian state media company operation disrupted by ‘unprecedented’ cyberattack

Russian state television and radio broadcasting company VGTRK was hit by a cyberattack on Monday that disrupted its operations, the company confirmed in a statement to local news agencies.

While a VGTRK spokesperson initially downplayed the impact of the attack, claiming it did not cause significant damage, local media reported that the broadcast of several television channels owned by VGTRK, including Russia 1 and Russia 24, was cut off mid-program and resumed nearly an hour later.

An anonymous source at the company told the Russian media outlet Gazeta.ru that the hackers erased data from the company’s servers, including backups. Recorded Future News could not independently verify this information.

VGTRK owns and operates Russia’s major national and regional TV channels and radio stations. Following Russia’s invasion of Ukraine, the company was sanctioned by the European Union, Canada and the U.K. for its affiliation with the Russian government and its role in spreading pro-Kremlin propaganda.

Russia’s presidential press secretary, Dmitry Peskov, confirmed the attack on VGTRK on Monday and said that an investigation into the incident is ongoing. A representative of the Russian Ministry of Foreign Affairs, Maria Zakharova, said the attack “aligns with the West’s anti-Russian agenda” and called it part of a “hybrid warfare” campaign against Russia.

Zakharova added that Russia will raise the issue internationally, including with organizations such as the United Nations and UNESCO. “We understand that when the collective West says it aims to inflict a strategic defeat on Russia, this includes an attack on the media,” she stated.

Russian cybersecurity firm F.A.C.C.T. noted that information about the cyberattack on VGTRK appeared on the official social media account of the pro-Ukrainian hacktivist group Sudo rm-RF.

Researchers said that the group has been conducting attacks on large Russian companies and leaking their data since March 2022. Their reported victims include RuTube, the Skolkovo innovation center, and various Russian medical institutions.

Hacks on media outlets, including television channels, have become common during the cyberwar between Ukraine and Russia. Earlier in May, Russia-aligned hackers hijacked several Ukrainian television channels to broadcast a Victory Day parade in Moscow, commemorating the defeat of Nazi Germany in World War II.

In April, pro-Russian hackers breached Starlight Media to broadcast Russian advertisements and a fragment of the Swan Lake ballet, which was often aired in Russia during the collapse of the USSR or other periods of political turmoil.

Last July, two radio stations owned by one of Ukraine’s largest broadcasters were hacked to spread fake messages claiming that President Volodymyr Zelensky was hospitalized and in critical condition.

The hackers often combine cyberattacks with disinformation campaigns against targeted media outlets. In February, Russian hackers breached several popular Ukrainian media outlets, posting fake news related to the war. All of these websites were hacked to spread the same piece of false information — that Russia had destroyed a unit of Ukrainian special forces in an eastern Ukrainian city.