Independent Russian news site rides out a week of DDoS incidents

The Russian independent media outlet Novaya Gazeta Europe was targeted by several large-scale distributed denial-of-service (DDoS) attacks this week, temporarily knocking its website offline.

The attacks began on Monday and persisted until Wednesday, reaching 12 million junk page requests per minute at one point, according to the outlet’s statement. During the attacks, the website was temporarily unavailable due to traffic overload.

“If our website isn't loading, it means we’re currently experiencing an attack. Please check back in 20 to 30 minutes — by then, we typically have things under control and access should be restored,” Novaya Gazeta Europe stated.

Novaya Gazeta Europe was founded in 2022 in Latvia by former journalists of the Russian independent newspaper Novaya Gazeta, following increasing censorship and repression by Russian authorities. The website was blocked in Russia almost immediately after its launch due to its coverage of human rights abuses and repression in Russia, as well as the war in Ukraine.

Novaya Gazeta Europe hasn’t attributed the latest attacks to a specific threat actor but has indicated that they originated from multiple data centers. Among the various sources of the attacks, researchers identified a specific group of IP addresses associated with the government of North Korea — “an increasingly close ally of the Kremlin.”

“DDoS attacks are frequently used by Russian hacker groups to target opposition NGOs and media outlets, as well as foreign governments deemed to be ‘unfriendly’ to Russia,” Novaya Gazeta Europe noted.

Earlier this year, another prominent Russian independent media outlet. Meduza, reported facing repeated attempts to disrupt its digital infrastructure, including DDoS attacks attributed to Russian authorities.

In April, researchers detected nearly 6,300 IP addresses flooding the website with a hundred times more requests than usually generated by its audience.

Meduza is also based in Latvia and is designated as an “undesirable organization” by the Kremlin; its website can only be accessed in Russia through a virtual private network (VPN).

Additionally, both Novaya Gazeta Europe’s and Meduza’s top executives and journalists were previously infected or targeted with Pegasus spyware. Researchers couldn’t attribute those infections to a specific state, but suspects include Latvia and Estonia.