Russian independent media outlet Meduza faces ‘most intense cyber campaign’ ever

Siva Ramakrishnan
The Russian independent media organization Meduza said that it has been targeted by an “unprecedented” cyber campaign ahead of the upcoming presidential election this month.

“In February 2024, the Russian authorities launched a series of cyberattacks against Meduza, more intense than any we’ve ever faced,” the organization said in a statement on Monday.

The campaign reportedly began around the time when Russian opposition leader Alexey Navalny died in an Arctic prison where he was serving a three-decade prison term.

“Meduza has faced similar attacks before — we’ve been dealing with them for practically our entire existence,” the organization said. “But our tech team has never encountered threats at this scale before.” Russia’s goal is to block or disrupt Meduza’s internet presence, either by targeting servers directly or swamping them with bogus web traffic, Meduza said.

There is no evidence so far that the attacks were conducted by the Russian state, apart from Meduza’s statement.

Meduza markets itself as one of the few Russian independent media outlets whose coverage remains free from control or censorship by the Kremlin. Meduza relocated its office to Latvia back in 2014, and people living in Russia today can only access its website through a VPN.

In 2023, the Russian government designated Meduza as an “undesirable organization” in Russia, subjecting it to heavy fines and potential prison sentences for employees.

Meduza said in a statement that the latest cyber campaign against its systems is an attempt to “completely destroy” the organization.

“Russian authorities, along with Kremlin-affiliated organizations and hackers, are willing to spend an enormous amount of resources to destroy our infrastructure.”

The hackers, in particular, are attempting to block Meduza’s “mirror servers” that contain copies of its original website. “Since mid-February, the Russian government has been finding and blocking our servers with increasing frequency; at the moment, it’s happening about once every 10–20 minutes.” Meduza did not specify where those mirror servers are hosted.

The attackers are also trying to disable Meduza’s main website by using distributed denial-of-service (DDoS) attacks. Meduza recorded one attack in which junk DDoS requests caused traffic to surge to 200 times its usual level. “We expect to see similar or even larger attacks during Putin’s upcoming election,” the organization said.

Another type of threat involves attacks on the company’s crowdfunding infrastructure. Meduza mentioned that hackers attempt to enter stolen credit card information into its payment system, hoping to compromise it and force banks to cease working with the organization.

Meduza’s journalists are also at risk of attacks. The organization has reported an increase in explicit threats, demands to remove specific content, phishing attacks, password reset attempts, and spam attacks; some Meduza employees have been signed up for thousands of email newsletters.

In September, the phone of Meduza’s owner, Galina Timchenko, was infected with Pegasus spyware while she was in Berlin for a private conference with other Russian independent journalists living in exile. It was the first documented case of a Pegasus infection targeting a Russian citizen.

Meduza believes that the latest wave of attacks on its systems is part of the broader efforts by the Kremlin to cause a communication blackout in the country by blocking media websites, causing internet outages, and interfering with the work of messaging apps.

The reports of internet outages in Russia have indeed become more frequent recently, with some appearing to be politically motivated.

In March, internet access was restricted near the church where people gathered for Navalny’s funeral.

In January, Telegram and WhatsApp were disrupted in a remote Russian region where hundreds of people protested against the sentencing of a local activist.

In February, Russia experienced another major outage that affected popular services like Telegram, YouTube, Viber, WhatsApp and VKontakte. Its cause is unknown.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

