CH01 Hackers Defaced Russian Websites

On the anniversary of Russia’s full-scale invasion of Ukraine, hackers defaced Russian websites and posted a video of the burning Kremlin amid the music of the Kino band.

As information security specialists told us, Hacker groups split up: some of them support Russia, others Ukraine, and we also wrote that Due of the sanctions, Russian hackers are looking for new ways to launder money.

On February 24, the CH01 hacker group attacked several Russian websites. Cybercriminals have replaced website content with videos.

The video also contains a QR code with a link to the Telegram channel, where the hackers wrote that they claimed responsibility for the attacks and made it clear that they were politically motivated.

The hackers also created a Twitter account and posted the same video.

Hackers defaced Russian websites
group tweet

Apparently, CH01 is a brand new hacker group as their Telegram channel was only created on February 23rd and they posted their first tweet on the same day.

At the moment, a list of 32 hacked sites is available, but their exact number is unknown, as well as how the hackers hacked the sites. In the case of mass defacements, cybercriminals usually find vulnerabilities in a library or service used by websites.

Among the attacked sites are:

  1. Bakery;
  2. Supplier of products for agriculture;
  3. Cafe in Saransk;
  4. Recording studio;
  5. Developer of an electronic menu for restaurants;
  6. Manufacturer of components for mechanical engineering and agriculture;
  7. brick factory.

Hackers defaced Russian websites
An example of a deface one of the sites

Dozens of Russian sites now look like this, we now have all the data from these sites.
the hackers wrote in their Telegram channel.

Only 2 of all hacked sites were restored 12 hours after the defacement. The choice of a song called “Song Without Words” is not accidental. The texts of the Kino group often included themes of freedom, although they were not overtly political.

On February 23, the Ukraine Computer Emergency Response Team (CERT-UA) reported that Russian hackers had broken into several Ukrainian websites using backdoors planted as early as December 2021.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button