The Russian government has established its own TLS certificate authority (CA) to address issues with accessing websites that have arisen in the wake of sanctions imposed by the west following the country’s unprovoked military invasion of Ukraine.
According to a message posted on the Gosuslugi public services portal, the Ministry of Digital Development is expected to provide a domestic replacement to handle the issuance and renewal of TLS certificates should they get revoked or expired.
The service is offered to all legal entities operating in Russia, with the certificates delivered to site owners upon request within 5 working days.
TLS certificates are used to digitally bind a cryptographic key to an organization’s details, enabling web browsers to confirm the domain’s authenticity and ensure that the communication between a client computer and the target website is secure.
The proposal comes as companies like DigiCert have been restricted from doing business in Russia following sanctions by Western nations. “Validation of Russian orders may take longer to be processed due to extensive checks required for private businesses and persons; however, we are able to offer all products to this country,” the company noted in a revised advisory.
What’s not clear is whether web browsers such as Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari, intend to accept the certificates issued by the new Russian certificate authority so that safe connections to the certified servers can work as intended.
But according to a tweet shared by Juan Andres Guerrero-Saade, principal threat researcher at SentinelOne, the public services agency is recommending the use of Russian browsers like Yandex and Atom. “To have access to all sites and the necessary online services, including public services, we recommend installing browsers that support the Russian certificate,” the email reads.
This also poses significant risks in that it could be potentially weaponized to carry out man-in-the-middle (MitM) on HTTPS sessions originating from internet users in the nation, enabling the relevant authorities to intercept, decrypt, and re-encrypt the traffic passing through its systems.
“This is insane. Is this the full totalitarian Man-in-the-Middle?,” Guerrero-Saade tweeted.
The development also comes close on the heels of disclosures from Cisco Talos that opportunistic cybercriminals are cashing in on the ongoing conflict to target unwitting users seeking tools to carry out their own cyberattacks against Russian entities by offering malware purporting to be offensive cyber tools.
“The global interest in the conflict creates a massive potential victim pool for threat actors and also contributes to a growing number of people interested in carrying out their own offensive cyber operations,” the researchers said.
“These observations serve as reminders that users must be on heightened alert to increased cyber threat activity as threat actors look for new ways to incorporate the Russia-Ukraine conflict into their operations.”