CH01 Hackers Defaced Russian Websites

On the anniversary of Russia’s full-scale invasion of Ukraine, hackers defaced Russian websites and posted a video of the burning Kremlin amid the music of the Kino band.

On February 24, the CH01 hacker group attacked several Russian websites. Cybercriminals have replaced website content with videos.

The video also contains a QR code with a link to the Telegram channel, where the hackers wrote that they claimed responsibility for the attacks and made it clear that they were politically motivated.

The hackers also created a Twitter account and posted the same video.

group tweet

Apparently, CH01 is a brand new hacker group as their Telegram channel was only created on February 23rd and they posted their first tweet on the same day.

At the moment, a list of 32 hacked sites is available, but their exact number is unknown, as well as how the hackers hacked the sites. In the case of mass defacements, cybercriminals usually find vulnerabilities in a library or service used by websites.

Among the attacked sites are:

1. Bakery;
2. Supplier of products for agriculture;
3. Cafe in Saransk;
4. Recording studio;
5. Developer of an electronic menu for restaurants;
6. Manufacturer of components for mechanical engineering and agriculture;
7. brick factory.

An example of a deface one of the sites

Only 2 of all hacked sites were restored 12 hours after the defacement. The choice of a song called “Song Without Words” is not accidental. The texts of the Kino group often included themes of freedom, although they were not overtly political.