Russia is being hacked on an unprecedented scale

Orders are issued like clockwork. Every day, often around 5 am local time, the Telegram channel of Ukraine’s unprecedented “IT Army” of hackers buzzes with a new list of targets. The volunteer group has been taking down Russian sites using wave after wave of distributed denial-of-service (DDoS) attacks, which flood sites with traffic requests and make them inaccessible, since the start of the war.

Russian online payment services, government departments, airline companies and food delivery firms have been targeted by the IT Army, which seeks to disrupt everyday life in Russia. “Today, Russians are noticing regular disruptions to streaming services,” pro-government Telegram channel operators wrote after one reported operation in mid-April.

The actions of the IT Army were only the beginning. Since Russia invaded Ukraine in late February, the country has faced an unprecedented flurry of hacking activity. Hacktivists, Ukrainian forces and outsiders from all over the world who take part in the IT Army have set their sights on Russia and its businesses. DDoS attacks make up the bulk of the activity, but researchers have identified ransomware designed for Russia and are looking for bugs in Russian systems that could lead to more sophisticated attacks.

Attacks on Russia stand in stark contrast to recent history. Many cybercriminals and ransomware groups have ties to Russia and do not target that country. Now it is being opened up. “Usually, Russia is considered one of the countries from which cyber attacks originate, not where they go,” says Stefano De Blasi, a cyber threat analyst at security firm Digital Shadows.

At the start of the war, DDoS was relentless. Record levels of DDoS attacks were recorded in the first three months of 2022, according to analysis from the Russian cybersecurity company Kaspersky. Both Russia and Ukraine have used DDoS to try to undermine each other, but the efforts against Russia have been more innovative and protracted.

Ukrainian technology companies have transformed the puzzle game 2048 into an easy way to launch DDoS attacks and have developed tools that allow anyone to join the action, regardless of their technical knowledge. “The more we use attack automation tools, the stronger our attacks,” reads a message sent on March 24 to the IT Army Telegram channel. Channel operators are encouraging people to use VPNs to hide their location and help evade their targets’ DDoS protections. Toward the end of April, the IT Army launched its own website, which lists whether its targets are online or have been taken down, as well as technical guides. (The IT Army did not respond to a request for comment.)

“We have had good results and many websites are down,” says Dmitry Budorin, CEO of Ukrainian cybersecurity startup Hacken. When the war broke out, Budorin and his colleagues modified one of the firm’s anti-DDoS tools, called disBalancer, so that it could be used to launch DDoS attacks.

Although Kaspersky Lab’s analysis says that the number of DDoS attacks around the world has returned to normal levels as the war has progressed, attacks now last longer: hours, not minutes. The researchers found that the longest one lasted over 177 hours, over a week. “Attacks continue regardless of their effectiveness,” says a Kaspersky Lab analysis. (On March 25, the US government added Kaspersky Lab to its list of national security threats; the company said it was “disappointed” by the decision. The German cybersecurity agency also warned against using Kaspersky software on March 15, although it stopped short of a ban. The company said it believed the decision was not made on a technical basis.)

Budorin says DDoS has helped Ukrainians contribute to the war effort in ways other than combat, and that both sides have improved their attacks and defenses. However, he acknowledges that DDoS may not have much of an impact on the war. “It does not greatly affect the ultimate goal, and the ultimate goal is to stop the war,” says Budorin.

Ever since Russia launched its full-scale invasion, the country’s hackers have been caught trying to disrupt power systems in Ukraine, deploying wiper malware, and launching predictable subversive attacks against the Ukrainian government. Now, however, Ukrainian officials say they have noticed a decrease in activity. “Recently, the quality has gone down because the enemy cannot prepare as much as he could prepare,” Yuri Shchegol, head of Ukraine’s cybersecurity agency, the State Service for Special Communications and Information Protection, said in an April 20 statement. “The enemy now mostly spends time defending themselves, because it turns out that their systems are also vulnerable,” said Shchegol.

Budorin says that in addition to using his company’s technology to launch DDoS attacks, it also created a bug bounty program so people can find and report security flaws in Russian systems. More than 3,000 reports have been made, he said. He claims this includes database leaks, login information, and more serious cases where code can be run remotely on Russian systems. According to Budorin, the company checks for vulnerabilities and submits them to the Ukrainian authorities. “You don’t go through the main door,” he says. “You go through the regional offices. There are so many bugs, so many open windows.”

While cyber warfare throughout the conflict may not have been as obvious or had the consequences that some predicted, many incidents can occur without publicity or outside knowledge. “I think the most sophisticated operations going on right now are espionage – to find out what the enemy is trying to do, wants to do and will do next,” says De Blasi. “We may have to wait years before we know anything about it.”

Visibly, hacktivists and others attacking Russia have obtained and published hundreds of gigabytes of Russian data and millions of emails; the files can help unravel parts of the Russian state. But other attacks are also happening, says Lotem Finkelstein, director of threat intelligence and research at Israeli cybersecurity company Check Point.

In early March, a new type of ransomware was discovered. While most ransomware groups have ties to Russia, something that proved costly for the ransomware group Conti when it supported Putin, the new ransomware was developed to attack Russian organizations. “I, the creator of RU_Ransom, created this malware to harm Russia,” the code’s ransom note says, according to analysis by security firm Trend Micro. The malware can spread like a worm and wipe data from systems, although as of early March, researchers had yet to spot its use in the real world. “It’s very rare to see ransomware specifically targeting Russia,” says Finkelstein, adding that Check Point is working on a new study that shows how Russia was attacked throughout the war. “Now Russia is under attack that they are not used to seeing,” says Finkelstein.

Although cyberattacks against Russia have increased, there are hints that this could further push the country towards internet isolation. Over the past few years, Russian officials have been talking about creating their own sovereign internet and separating from the global system. When the DDoS attacks began, Russia geofenced government websites, and at the beginning of March, according to national media reports, the country’s digital development ministry urged websites to improve cybersecurity measures and maintain control over their own domain names.

“I believe that turning off the internet completely would still be an extreme approach even now,” says Lukasz Oleinik, an independent researcher and cybersecurity consultant. “Moreover, the government appears to still be in a sort of self-denial, acting as if nothing significant is happening, either due to cyberattacks or even Western sanctions.” Despite this rebuttal, Oleinik says, the country is still “doubling down” and moving towards its long-term goal of a sovereign internet.



Credit: www.wired.com /
