Hacker group defaces Russian websites to display the Kremlin on fire
A hacker group that goes by CH01 defaced a series of Russian websites on the anniversary of the invasion of Ukraine.
The hackers replaced the sites’ content with a video showing the Kremlin on fire, along with a song by a Russian rock band named Kino. The video also includes a QR code that links to a Telegram channel, where the hackers posted a message claiming responsibility for the attacks and making it clear that these defacements were politically motivated.
“Hacker group CH01 in solidarity with the entire civilized world, in order to restore justice and the triumph of the forces of light and goodness, on the anniversary of the terrorist invasion of dictatorial Russia into a strong and independent Ukraine, we declare cyber war on dictatorship and totalitarianism and the idiocy of Putin's criminal regime. Let the prophecy come true…,” the message read, according to an online translation from the original, which is in Russian.
CH01 appears to be a brand new hacking group, as their Telegram channel only had a couple of subscribers on Thursday night, and they published their first tweet on the same day.
A source shared a list of 32 hacked websites with TechCrunch on Thursday night (Friday morning in Russia and Ukraine). It’s unclear how many sites were defaced, or how the hackers were able to deface them. In cases of mass defacements, hackers usually find a flaw in a library or service used by all the websites they target.
The hackers also created a Twitter account and posted the video on the social media app.
Among the hacked websites, there’s one bakery, a company that distributes products for farming, a restaurant, a recording studio, a company that sells delivery services and technology to restaurants in Russia, a company that makes components for mechanical engineering and agriculture and a brick maker, among others.
Only two of those websites were restored to their normal appearance after 12 hours since TechCrunch was alerted of the defacements.
The choice of the song, which is titled "A Song Without Words," is not coincidental. Kino was one of the most popular rock bands in Russia in the 1980s, and their lyrics often included themes of freedom, even though they were not outright political.
Hacking websites to display propaganda or make a political statement is as old as the internet, and it’s something that’s been done since the war began in Ukraine as well. In the last year, there have been defacements carried out by alleged hacktivists groups against Russian websites. One of the most active hacktivist groups in the last year has been the Ukraine IT Army, a loose collection of pro-Ukrainian technologists and hackers who scored some significant wins, like taking down Russia’s largest streaming service for three days.
Even the Russian government has allegedly gotten in the game. In May of last year, a statement by Secretary of State Antony Blinken called out the Russian government for a series of “malicious cyber activity against Ukraine,” which included “website defacements.”
Do you have information about hacks in the context of the Ukraine war? We’d love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email firstname.lastname@example.org. You can also contact TechCrunch via SecureDrop.