Pierluigi Paganini March 04, 2022

Russian government released a list containing IP addresses and domains behind DDoS attacks that hit Russian infrastructure after the invasion.

While the conflict on the battlefield continues, hacktivists continue to target Russian infrastructure exposed online. The Russian National Coordinating Center for Computer Incidents (NCCC) released a massive list containing 17,576 IP addresses and 166 domains that were involved in a series of DDoS attacks that targeted its infrastructure.

The list of domains includes the US CIA and FBI, USA Today, and Ukraine’s Korrespondent magazine, along with domains and apps specifically set up to target Russia amid the invasion.

The advisory provides a list of recommendations for Russian organizations, including conducting an inventory of all network devices and services operating in their organization, restricting outside access to them, setting up logging systems, using complex and unique passwords, using Russian DNS servers, watching out phishing attacks, enforcing data backups.

The Russian government fears the consequence of data breaches suffered by its organizations or possible interference by third-party nation state actors that could exploit the ongoing attacks to carry out covet cyber attacks.

The Kremlin also fear the spreading of news related to the conflict on its soil for this reason Twitter and Facebook restricted in Russia amid conflict with Ukraine.

If you are interested in understanding the numerous threat actors that are providing support to both Russia and Ukraine give a look at the following analysis:

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, DDoS)

[adrotate banner=”5″]

[adrotate banner=”13″]