Russian court websites down after breach claimed by pro-Ukraine hackers

The websites of Russian general jurisdiction courts have been down for several days following a cyberattack claimed by pro-Ukrainian hackers.

The sites currently display an error message. The attackers have leaked a document on Telegram that appears to show the Russian judicial authority reporting an incident involving the case management and electronic court filing system known as “Pravosudiye” (which means “justice” in Russian).

This system is used by most Russian courts, so the attack had a widespread impact, knocking offline, among others, the websites of Russian federal arbitration and general jurisdiction courts using the “arbitr.ru” and “sudrf.ru” domains, as well as their communication network and email services. 

The leaked document states that the affected services are not expected to recover until at least October 18 — almost two weeks after the incident occurred. Several Russian media outlets obtained the same document from their own sources at judicial agencies and confirmed its authenticity.

The attack was claimed by the pro-Ukraine hacker group BO Team, which is known for cooperating with Ukrainian military intelligence on several operations against Russia, including the attack on a subsidiary of one of Russia’s major telecom providers, a scientific research center, and the federal organization that certifies digital signatures used by Russian businesses.

BO Team posted other information on Telegram that appears to be from the Pravosudiye system, including emails and documents. 

Unlike other BO Team operations, the Ukrainian military intelligence has not publicly claimed any involvement in the current incident.

The attack on Russian courts happened on the same day that the local state television and radio broadcasting company, VGTRK, suffered what the Kremlin described as an “unprecedented” cyberattack, which was also claimed by pro-Ukraine hackers. 

Because of the media attention surrounding the VGTRK hack, the attack on Pravosudiye was overlooked and was initially attributed to “unscheduled technical works.” The official Telegram channel of Moscow’s general jurisdiction courts stated that the court websites were down due to a “technical failure” in the operation of the data centers.

An anonymous source at the Moscow City Court told local media outlet Kommersant that the disruption affected the video conference platform used by criminals to participate remotely in court proceedings. As a result, the court has had to postpone several hearings, according to reports.

The attack on Pravosudiye is just one in a series of incidents targeting Russia as part of its ongoing cyberwar with Ukraine.

On Friday, Ukraine’s military intelligence announced that they hacked the systems of the Russian university that trains drone operators, digital communication specialists, engineers, and physicists for its army.

As a result of the operation, Ukraine managed to disrupt the internal infrastructure of the university, including its websites, databases, and file storage systems, and destroy 150 terabytes of data. This information couldn't be independently verified.