Ukraine ‘s computer emergency response team (CERT-UA) announced that it is investigating, along with the National Bank of Ukraine (CSIRT-NBU), ongoing DDoS (distributed denial of service) attacks targeting pro-Ukraine sites and the government web portal.
Owners of the websites should detect the abnormal activity by inspecting the log files of the webserver, looking at events with the response code 404 and correlating them with the values of the HTTP header “Referer”, which will contain the address of the web resource initiated a request.
The alert includes the list of targeted websites and Yara rules for the detection of these attacks.
The CERT-UA notified organizations behind compromised websites, their registrars, and hosting providers. The Ukrainian agency did not attribute the attack to certain threat actors, however, experts believe that they are likely politically motivated.
Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform
(SecurityAffairs – hacking, Ukraine)