Pro-Russian Criminal Hackers Set Sights on the Eurovision Song Contest

The Italian police force announced this week that it thwarted a cyber attack on the Eurovision Song Contest.

The competition, which took place in Turin last Saturday, is ostensibly an opportunity for European countries to demonstrate the best (or worst) of their nation’s singing talents.

However, over the years it’s faced criticism that votes are cast based on political allegiances rather than the quality of the contestants.

Those concerns were greater than ever this year, with Russia and Belarus having been banned from the competition following the invasion of Ukraine.

As many people predicted, Ukraine’s Kalush Orchestra eventually won the competition with the song “Stefania”. The rap group dominated the public vote in what was likely as much a show of support for the nation’s plight as it was about the popularity of the song.

But the contest, which was watched by more than 200 million people, was nearly brought to a halt by cyber criminals, according to a Reuters report.

Throughout the semi-final and final, the Italian police force’s cyber security department blocked several attacks on the venue’s network infrastructure.

Russian political aggression

The attacks were traced to the Russian-based criminal hacking group “Killnet” and its affiliate “Legion”.

The group conducted a DDoS (distributed denial-of-service) attack aimed at network infrastructure during performances and voting in an attempt to disrupt proceedings.

However, thanks to the event organisers’ effective planning, the contest was largely unaffected.

The Italian authorities said that more than 100 police officers monitored the event, enabling them to spot and respond to the attacks promptly. They also had support from Eurovision TV and the IT firm ICT Rai.

After detecting the group’s attempts to disrupt Eurovision, the Italian police gathered data about Killnet from its Telegram channels.

Live televised events are a popular target for cyber attacks because they instantly garner a huge audience.

In 2018, the opening ceremony of the Pyeongchang Winter Olympics was disrupted following a cyber attack, while in the run-up to the 2012 London Olympics, investigators discovered attack tools and the blueprints to the Olympic Stadium’s building management system on a cyber criminal’s computer.

Meanwhile, pro-Ukrainian attackers targeted Russian state TV earlier this year, with programme schedules defaced with several anti-war slogans.

“You have the blood of thousands of Ukrainians and hundreds of dead children on your hands,” one slogan read, while another said: “The TV and the authorities are lying. No to war”.

Given the obvious political conflict surrounding this year’s Eurovision, organisers will have expected an attack such as this and prepared accordingly.

The incident demonstrates the benefits of effective threat management. Rather than becoming the victim of an attack witnessed by hundreds of millions of people across Europe, the narrative is instead that Europe withstood Russian political aggression.

The ability to repel politically motivated cyber attacks is arguably an even bigger reputational boost than successfully pulling one off. Indeed, Killnet hasn’t reacted well to its well-documented failure.

Killnet wages war

After the Italian police announced that it had successfully prevented Killnet’s cyber attacks, the group posted a message on its Telegram channel denying that it was responsible.

“According to foreign media, Killnet attacked Eurovision and they were stopped by the Italian police. So, Killnet did not attack Eurovision,” the message said.

However, the group contradicts itself later in its message by referencing a successful attack on Eurovision’s website that it implies it was responsible for.

Killnet also appears intent on further attacks against Italy and its “deceitful police”. The group “declared war” on the country and nine others: the US, the UK, Germany, Latvia, Romania, Lithuania, Estonia, Poland and Ukraine.

The group has already targeted organisations in many of these countries before, all of which have publicly opposed the Russian invasion.

It remains to be seen whether Killnet’s reaction is a response to its failed attack or whether it always intended to target these countries as part of its pro-Kremlin stance.

What is certain is that cyber attacks will continue to play a significant role in the war’s propaganda efforts. We’ll almost certainly see more events with large European audiences this being targeted.

As such, event organisers must show the same level of preparedness as Italy demonstrated last weekend.