Hackers hijack top Russian football club’s website

FC Zenit Saint Petersburg logoFans of FC Zenit Saint Petersburg, one of Russia’s top football clubs, got a surprise this morning if they visited the team’s website.

Instead of seeing stories and images of their favourite soccer players in action, they were presented with a page of insults directed at the city’s political leaders.

Images of Saint Petersburg governor Valentina Matviyenko and Vadim Tyulpanov, speaker of the city parliament, were shown alongside a message that translated is part as:

"To hell with the party of thieves and pickpockets. They have already destroyed more buildings than the Nazis during the attack on Leningrad between '41 and '44"

Sign up to our free newsletter.
Security news, advice, and tips.

Apparently defaced FC  Zenit website

The rant went on to criticise political leaders for poorly clearing up icicles and winter snow, leading to the tragic death of five people, including two children.

Interestingly, a message on FC Zenit’s Facebook page denied that their website had been hacked, and put the blame on a problem with their DNS records.

FC Zenit post on Facebook

If that’s right then it means that the club’s own web servers weren’t necessarily breached by the hackers.

DNS records work like a telephone book, converting human-readable website names like example.com into a sequence of numbers understandable by the internet. What seems to have happened is that someone changed the lookup at the DNS registrar, so when you entered FC Zenit’s website address into your browser you were instead taken to a website that wasn’t under the club’s control.

Thank the stars that those behind this attack didn’t point football fans to a malicious webpage containing malware, rather than a political message.

One question remains. How did the hackers change the DNS records for the football site’s website? Could it be that they managed to guess the passwords used to secure access to those records?

FC Zenit may be feeling sick as a parrot after having had their website messed around with in this fashion – but they’re not the first to have suffered in this way.

For instance, in late 2009 hackers calling themselves the “Iranian Cyber Army” pulled off a similar trick against a more popular website – Twitter.com.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.