Ukraine: We’ve repelled ‘nonstop’ DDoS attacks from Russia



A Ukrainian agency said on Saturday that since the Russian invasion on February 24, government websites had been hit by a series of distributed denial-of-service (DDoS) attacks, which the agency attributed to “Russian hackers”.

However, Ukraine’s State Service of Special Communication and Information Protection (SSSCIP) said in a tweet that “despite the resources of all the enemies involved, the sites of the central government agencies are available.”

Since the invasion, the Ukrainian government has been focusing more on its public communications around the military conflict provoked by Russia on the ground. However, the tweets were an acknowledgment that Ukraine continues to face attacks in the cyber realm as well. Threat actors were also found to be responsible for cyber attacks in Russia for the first time since the invasion began.

The DDoS attacks on military and financial institutions in Ukraine that took place on February 15-16, before the invasion, were attributed to the Russian government by US and UK officials. DDoS attacks usually force websites or networks offline by overwhelming servers with traffic.

‘Nonstop’ attacks

In its tweets on Saturday, SSSCIP said that “Russian hackers continue to attack Ukrainian information resources,” and that they have been doing so “from the beginning” of the invasion.

The agency clarified that the attacks have “primarily” been DDoS attacks targeting the websites of the Ukrainian parliament (Verkhovna Rada), President Volodymyr Zelensky, the cabinet, the Ministry of Defense and the Ministry of Internal Affairs of Ukraine.

The “most powerful” DDoS attacks against Ukrainian government sites peaked at over 100 Gbps, SSSCIP said. While that is much larger than the average DDoS attack size, Radware’s research shows that the largest DDoS attack recorded during the first three quarters of 2021 was 348 Gbps – or 3.5 times the size of the most powerful DDoS attack against Ukraine.

The DDoS attacks against Ukraine “certainly make no record,” said Chris Partridge, a security professional who monitors cyber attacks during the Russia-Ukraine conflict.

“But I think it’s a good sign that Ukraine is capable of repelling some of these attacks from Russia,” Partridge told VentureBeat in a message.

In the recent attacks, “the occupiers managed to do only one thing, which was to change the front pages on the sites of some local authorities,” SSSCIP said in a tweet, adding: “We will endure! On the battlefield and in cyberspace!”

Meanwhile, hackers from Ukraine’s IT Army and hacktivist groups such as Anonymous have continued to retaliate with DDoS attacks against Russian targets.

According to data posted by Partridge on GitHub, in the latest check, numerous government, financial and media websites in Russia targeted by the Ukrainian IT Army were seeing 0% or 10% uptime.

Anonymous attack

On Sunday, Anonymous claimed on Twitter that it had replaced the live feeds of several Russian TV channels and streaming services with video footage of the war in Ukraine, along with anti-war messages.

Jeremiah Fowler, co-founder of Security Discovery and a senior security researcher, told VentureBeat that his cyber security research firm had captured a video of a Russian state TV channel feed that had been hacked to display pro-Ukraine information. “I will mark this claim [from Anonymous] true, given that they’ve probably appeared on other channels as well,” Fowler said in an email.

As part of recent research into attempts by hacker groups such as Anonymous to launch cyber attacks against Russia, Fowler said they were able to find a database of Internet and cable providers in Russia that contained ports and routes and the source locations that shows are streaming from.

“It’s very likely that someone could hijack the feed and pull the channel programming from a legitimate source and show viewers other video footage instead.”

The cyber effort to help Ukraine is also receiving support from the US Cyber Command, The New York Times reported on Sunday. According to the Times, the agency’s “cybermotion teams” are currently operating from an Eastern European base “to intervene in Russia’s digital attacks and communications”.

Given that the U.S. Cyber Command is part of the Department of Defense, this raises the question of whether it makes the U.S. a “co-combatant,” the report notes. From the report in The New York Times:

Through the American interpretation of the Cyber Conflict Act, the United States could temporarily disrupt Russian capabilities without resorting to war; permanent disability is more problematic. But experts acknowledge that when the Russian system goes down, Russian units do not know whether it is temporary or permanent, or whether the United States is responsible.

Government officials are understood to have tight lips [about what Cyber Command is doing]. The ongoing cyber operations, which have moved from the operations center in Kiev to one outside the country in recent days, are some of the most classified elements of the conflict, they say. But it is clear that cybercrime teams have tracked some known targets, including GRU, Russia’s military intelligence operation, in an attempt to deactivate their activity.

Guidance in the US

In the U.S., the federal Cybersecurity and Infrastructure Security Agency (CISA) is also providing guidance on vulnerabilities that could be linked to threats from Russia, possibly in retaliation for Western sanctions over Ukraine. Last Thursday, CISA added 95 vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Mike Parkin, a senior technical engineer at Vulcan Cyber, said it was unusual for the agency to add “more than a handful” of vulnerabilities to its list at one time. Amid the situation in Ukraine, “these additions are likely to be an attempt to curb cyber warfare activities in US institutions covered by CISA directives,” Parkin said.

The 95 vulnerabilities added to the CISA catalog on Thursday have a short deadline for remediation by federal agencies – within March, Viakoo CEO Bud Broomhead noted. And most are in widely used systems, including 38 for Cisco products, 27 for Microsoft products and 16 for Adobe products, Broomhead said.

“So far, there is no direct evidence that state, state-sponsored or other Russia-friendly risky artists have attacked US resources, there is no reason to believe they will not,” Parkin told VentureBeat. “[But] given that there are already widespread cyber warfare activities between Russia and Ukraine and their supporters on both sides, it is highly likely that allies on both sides will be the target of cyber-conflict.”

Many of Russia’s allies also see the US as a competitor at some level, and have their own well-equipped and well-financed cyber warfare capabilities, he said.

“With all of that, it’s possible that the CISA includes threats that weren’t previously considered high-risk as a risk actor for viewing additional attack vectors,” Parkin said.
