Heimdal Security Blog

List of IPs and Domains Targeting the Russian Infrastructure with DDoS Was Made Public by the Govt

As the conflict between Russia and Ukraine rages on, the Russian government yesterday published a massive list of 17,576 IP addresses and 166 domains that appear to be behind a series of distributed denial-of-service (DDoS) attacks on its domestic infrastructure.

The US Federal Bureau of Investigation (FBI), the Central Intelligence Agency (CIA), and the sites of several media outlets, including USA Today, 24News.ge, megatv.ge, and Ukraine’s Korrespondent, were among the notable domains on the list made public by Russia’s National Coordination Center for Computer Incidents (NCCCI).

NCCCI Recommendations for Organizations

According to The Hacker News, to mitigate the DDoS attacks the agency advises companies to:

Use Russian DNS servers. Use the corporate DNS servers and/or the DNS servers of your telecom operator in order to prevent the organization’s users from being redirected to malicious resources or other malicious activity.

If your organization’s DNS zone [is] serviced by a foreign telecom operator, transfer it to the information space of the Russian Federation.


Hackers Are Picking Sides

The development comes as the ground war has been accompanied by a wave of cyberattacks, with hacktivist groups and other vigilante actors taking sides and attacking government and business websites of both countries and leaking large amounts of confidential information.

Russia is reported to have imposed strict restrictions on Facebook access within the country, while widespread internet outages were reported in various parts of Ukraine, including Mariupol and Sumy.

Meanwhile Ukraine, which has assembled a volunteer “IT Army” of civilian hacktivists from around the globe, has announced a new set of targets, including the Belarusian rail network, Russia’s space-based satellite navigation system GLONASS, and the telecom operators MTS and Beeline.

Friends, you have already done the incredible! But now we need to mobilize and intensify our efforts as much as possible.


Following the invasion of Ukraine, a member of the Conti ransomware group, believed to be of Ukrainian origin, leaked the gang’s internal communications after the group’s leaders posted an aggressive pro-Russian message on their official website. The internal records were disclosed via an email sent to a number of journalists and security researchers, among others.

According to my colleague’s article, the Ukrainian researcher went on to leak further internal chats, as well as the source code of the group’s ransomware, its administration panels, and other material.

The US Treasury Department has also announced sanctions against several Russian oligarchs and organizations for offering direct and indirect support to the Russian government and for conducting global influence operations aimed at stoking conflict over social issues in Ukraine.
