Russian independent media outlet Meduza faces ‘most intense cyber campaign’ ever

Siva Ramakrishnan
The Russian independent media organization Meduza said that it has been targeted by an “unprecedented” cyber campaign ahead of the upcoming presidential election this month.

“In February 2024, the Russian authorities launched a series of cyberattacks against Meduza, more intense than any we’ve ever faced,” the organization said in a statement on Monday.

The campaign reportedly began around the time when Russian opposition leader Alexey Navalny died in an Arctic prison where he was serving a three-decade prison term.

“Meduza has faced similar attacks before — we’ve been dealing with them for practically our entire existence,” the organization said. “But our tech team has never encountered threats at this scale before.” Russia’s goal is to block or disrupt Meduza’s internet presence, either by targeting servers directly or swamping them with bogus web traffic, Meduza said.

There is no evidence so far that the attacks were conducted by the Russian state, apart from Meduza’s statement.

Meduza markets itself as one of the few Russian independent media outlets whose coverage remains free from control or censorship by the Kremlin. Meduza relocated its office to Latvia back in 2014, and people living in Russia today can only access its website through a VPN.

In 2023, the Russian government designated Meduza as an “undesirable organization” in Russia, subjecting it to heavy fines and potential prison sentences for employees.

Meduza said in a statement that the latest cyber campaign against its systems is an attempt to “completely destroy” the organization.

“Russian authorities, along with Kremlin-affiliated organizations and hackers, are willing to spend an enormous amount of resources to destroy our infrastructure.”

The hackers, in particular, are attempting to block Meduza’s “mirror servers” that contain copies of its original website. “Since mid-February, the Russian government has been finding and blocking our servers with increasing frequency; at the moment, it’s happening about once every 10–20 minutes.” Meduza did not specify where those mirror servers are hosted.

The attackers are also trying to disable Meduza’s main website with distributed denial-of-service (DDoS) attacks. Meduza recorded one attack in which junk DDoS requests caused traffic to surge to 200 times its usual level. “We expect to see similar or even larger attacks during Putin’s upcoming election,” the organization said.

Another type of threat involves attacks on the company’s crowdfunding infrastructure. Meduza mentioned that hackers attempt to enter stolen credit card information into its payment system, hoping to compromise it and force banks to cease working with the organization.

Meduza’s journalists are also at risk of attacks. The organization has reported an increase in explicit threats, demands to remove specific content, phishing attacks, password reset attempts, and spam attacks; some Meduza employees have been signed up for thousands of email newsletters.

In September, the phone of Meduza’s owner, Galina Timchenko, was infected with Pegasus spyware while she was in Berlin for a private conference with other Russian independent journalists living in exile. It was the first documented case of a Pegasus infection targeting a Russian citizen.

Meduza believes that the latest wave of attacks on its systems is part of the broader efforts by the Kremlin to cause a communication blackout in the country by blocking media websites, causing internet outages, and interfering with the work of messaging apps.

The reports of internet outages in Russia have indeed become more frequent recently, with some appearing to be politically motivated.

In March, internet access was restricted near the church where people gathered for Navalny’s funeral.

In January, Telegram and WhatsApp were disrupted in a remote Russian region where hundreds of people protested against the sentencing of a local activist.

In February, Russia experienced another major outage that affected popular services like Telegram, YouTube, Viber, WhatsApp and VKontakte. Its cause is unknown.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
