Russian independent media outlet Meduza faces ‘most intense cyber campaign’ ever
The Russian independent media organization Meduza said that it has been targeted by an “unprecedented” cyber campaign ahead of the upcoming presidential election this month.
“In February 2024, the Russian authorities launched a series of cyberattacks against Meduza, more intense than any we’ve ever faced,” the organization said in a statement on Monday.
The campaign reportedly began around the time when Russian opposition leader Alexey Navalny died in an Arctic prison where he was serving a three-decade prison term.
“Meduza has faced similar attacks before — we’ve been dealing with them for practically our entire existence,” the organization said. “But our tech team has never encountered threats at this scale before.” Russia’s goal is to block or disrupt Meduza’s internet presence, either by targeting servers directly or swamping them with bogus web traffic, Meduza said.
There is no evidence so far that the attacks were conducted by the Russian state, apart from Meduza’s statement.
Meduza markets itself as one of the few Russian independent media outlets whose coverage remains free from control or censorship by the Kremlin. Meduza relocated its office to Latvia back in 2014, and people living in Russia today can only access its website through a VPN.
In 2023, the Russian government designated Meduza as an “undesirable organization” in Russia, subjecting it to heavy fines and potential prison sentences for employees.
Meduza said in a statement that the latest cyber campaign against its systems is an attempt to “completely destroy” the organization.
“Russian authorities, along with Kremlin-affiliated organizations and hackers, are willing to spend an enormous amount of resources to destroy our infrastructure.”
The hackers, in particular, are attempting to block Meduza’s “mirror servers” that contain copies of its original website. “Since mid-February, the Russian government has been finding and blocking our servers with increasing frequency; at the moment, it’s happening about once every 10–20 minutes.” Meduza did not specify where those mirror servers are hosted.
The attackers are also trying to disable Meduza’s main website by using distributed denial-of-service (DDoS) attacks. Meduza recorded one attack in which junk DDoS requests caused traffic to surge to 200 times its usual level. “We expect to see similar or even larger attacks during Putin’s upcoming election,” the organization said.
Another type of threat involves attacks on the company’s crowdfunding infrastructure. Meduza mentioned that hackers attempt to enter stolen credit card information into its payment system, hoping to compromise it and force banks to cease working with the organization.
Meduza’s journalists are also at risk of attacks. The organization has reported an increase in explicit threats, demands to remove specific content, phishing attacks, password reset attempts, and spam attacks; some Meduza employees have been signed up for thousands of email newsletters.
In September, the phone of Meduza’s owner, Galina Timchenko, was infected with Pegasus spyware while she was in Berlin for a private conference with other Russian independent journalists living in exile. It was the first documented case of a Pegasus infection targeting a Russian citizen.
Meduza believes that the latest wave of attacks on its systems is part of the broader efforts by the Kremlin to cause a communication blackout in the country by blocking media websites, causing internet outages, and interfering with the work of messaging apps.
Reports of internet outages in Russia have indeed become more frequent recently, with some appearing to be politically motivated.
In March, internet access was restricted near the church where people gathered for Navalny’s funeral.
In January, Telegram and WhatsApp were disrupted in a remote Russian region where hundreds of people protested against the sentencing of a local activist.
In February, Russia experienced another major outage that affected popular services like Telegram, YouTube, Viber, WhatsApp and VKontakte. Its cause is unknown.
Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.