Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks

Cyber Security

As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service (DDoS) attacks aimed at its domestic infrastructure.

Some of the noticeable domains in the listing released by Russia’s National Coordination Center for Computer Incidents (NCCCI) included the U.S. Federal Bureau of Investigation (FBI), Central Intelligence Agency (CIA), and websites of several media publications such as the USA Today, 24News.ge, megatv.ge, and Ukraine’s Korrespondent magazine.

As part of its recommendations to counter the DDoS attacks, the agency is urging organizations to ringfence network devices, enable logging, change passwords associated with key infrastructure elements, turn off automatic software updates, disable third-party plugins on websites, enforce data backups, and watch out phishing attacks.

“Use Russian DNS servers. Use the corporate DNS servers and/or the DNS servers of your telecom operator in order to prevent the organization’s users from being redirected to malicious resources or other malicious activity,” the NCCCI added.

“If your organization’s DNS zone [is] serviced by a foreign telecom operator, transfer it to the information space of the Russian Federation.”

The development comes as the ground war has been complemented by a barrage of cyber attacks in the digital domain, with hacktivist groups and other vigilante actors backing the two countries to strike websites of government and commercial entities and leak troves of personal data.

According to global internet access watchdog NetBlocks, Russia is said to have placed extensive restrictions on Facebook access within the country, even as widespread internet outages have been reported in different parts of Ukraine such as Mariupol and Sumy.

That’s not all. Ukraine, which managed to amass a volunteer “IT Army” of civilian hackers from around the world, put out a new set of targets that includes the Belarusian railway network, Russia’s homegrown satellite-based global navigation system GLONASS, and telecom operators like MTS and Beeline.

“Friends, you have already done the incredible! But now we need to mobilize and intensify our efforts as much as possible,” a post on the IT army Telegram channel read.

Meanwhile, the Conti ransomware group, which got a taste of its own medicine when its attack methods were publicly leaked last week after declaring allegiance to Russia, has since announced that “we are up and running, out infra is intact and we are going full throttle,” according to a message titled “Not Yet Kameraden!” on its dark web portal.

In a related development, the U.S. Treasury Department said it’s sanctioning a number of Russian oligarchs and entities for providing direct and indirect support to the government and carrying out global influence operations “focused on sowing discord on social issues in Ukraine.”

“Lone-wolf and organized threats actors who possess the proper cyber skills may directly attack their nation’s enemy or recruit others to join in a coordinated attack,” Trustwave SpiderLabs researchers said. “These activities, coupled with specific malware use designed to ‘prep’ the physical battlefield, could become a more widely used tactic to weaken a nation’s defensive capabilities, critical infrastructure or communication streams.”