As the ongoing conflict between Russia and Ukraine continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it says are behind a series of distributed denial-of-service (DDoS) attacks targeting its national infrastructure.
Some of the notable domains on the list published by the Russian National Computer Incident Coordination Center (NCCCI) included the US Federal Bureau of Investigation (FBI), the Central Intelligence Agency (CIA) and the websites of several media publications such as USA Today, 24News.ge, megatv.ge and the Ukrainian magazine Korrespondent.
As part of its recommendations to counter DDoS attacks, the agency urges organizations to protect network devices, enable logging, change passwords associated with key infrastructure elements, disable automatic software updates, disable third-party plug-ins on websites, enforce data safeguards, and watch out for phishing attacks.
“Use Russian DNS servers. Use corporate DNS servers and/or your telco’s DNS servers to prevent organization users from being redirected to malicious resources or other malicious activity,” added the NCCCI.
“If your organization’s DNS zone [is] served by a foreign telecommunications operator, transfer it to the information space of the Russian Federation.”
The development comes as the ground war has been supplemented by a barrage of cyberattacks in the digital realm, with hacktivist groups and other vigilante actors backing the two countries to strike the websites of government and commercial entities and leak troves of personal data.
According to the global internet access watchdog NetBlocks, Russia has reportedly imposed significant restrictions on Facebook access in the country, even as widespread internet blackouts have been reported in different parts of Ukraine, such as Mariupol and Sumy.
That’s not all. Ukraine, which has managed to build a willing “computer army” of civilian hackers from around the world, has defined a new set of targets including the Belarusian railway network, the Russian global navigation satellite system GLONASS and telecommunications operators like MTS and Beeline.
“Friends, you have already done the incredible! But now we must mobilize and intensify our efforts as much as possible,” reads the IT army’s Telegram channel.
Meanwhile, the Conti ransomware group, which got a taste of its own medicine when its attack methods were publicly disclosed last week after declaring allegiance to Russia, has since announced that “we are up and running, our infrastructure is intact and we’re going full throttle,” according to a post titled “Not Kameraden yet!” on its dark web portal.
In a related development, the US Treasury Department said it was sanctioning a number of Russian oligarchs and entities for providing direct and indirect support to the government and conducting global influence operations “aimed at sowing discord on social issues in Ukraine”.
“Lone wolves and organized threat actors with the appropriate cyber skills can directly attack their nation’s enemy or recruit others to join in a coordinated attack,” Trustwave SpiderLabs researchers said. “These activities, coupled with the use of specific malware designed to ‘prepare’ the physical battlefield, could become a more widely used tactic to weaken a nation’s defensive capabilities, critical infrastructure, or communication flows.”