Russia DDoS Attacks
As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service (DDoS) attacks aimed at its domestic infrastructure.
Some of the noticeable domains in the listing released by Russia’s National Coordination Center for Computer Incidents (NCCCI) included the U.S. Federal Bureau of Investigation (FBI), Central Intelligence Agency (CIA), and websites of several media publications such as the USA Today, 24News.ge, megatv.ge, and Ukraine’s Korrespondent magazine.
As part of its recommendations to counter the DDoS attacks, the agency is urging organizations to ringfence network devices, enable logging, change passwords associated with key infrastructure elements, turn off automatic software updates, disable third-party plugins on websites, enforce data backups, and watch out for phishing attacks.
“Use Russian DNS servers. Use the corporate DNS servers and/or the DNS servers of your telecom operator in order to prevent the organization’s users from being redirected to malicious resources or other malicious activity, … If your organization’s DNS zone [is] serviced by a foreign telecom operator, transfer it to the information space of the Russian Federation.”National Coordination Center for Computer Incidents
The development comes as the ground war has been complemented by a barrage of cyberattacks in the digital domain, with hacktivist groups and other vigilante actors backing the two countries to strike websites of government and commercial entities and leak troves of personal data.
According to global internet access watchdog NetBlocks, Russia is said to have placed extensive restrictions on Facebook access within the country, even as widespread internet outages have been reported in different parts of Ukraine such as Mariupol and Sumy.
Russia DDoS Attacks