Russia’s National Coordination Center for Computer Incidents (NCCCI) Has Released a Huge List of IP Addresses and Domains Which Have Been Said to be Behind the DDoS Attacks on Russia’s Infrastructure
Information on the connections of 24News.ge and USA Today with the World Economic Forum:
- https://www.weforum.org/people/jamal-khashoggi – General Manager and Editor-in-Chief, Al Waleed 24 News Channel
- https://www.weforum.org/people/joanne-lipman – Editor-in-Chief, USA TODAY and USA TODAY Network
Thanks to CSIS_CIA_pure-evil for this added information.
Original Story: 3/8/2022 at 5:46pm
As the conflict between Russia and Ukraine escalates, cyber attacks between many countries have also escalated across the globe. Russia has now released a full report of DDoS attacks against its infrastructure that includes the IP addresses and domains from which these attacks are originating. The report was released March 3rd, so there could have been more since.
The list contains 17,576 IP addresses and 166 domains; notable domains include those of the U.S. FBI and CIA. On top of those, other domains include several corporate media outlets and publications such as (but not limited to) USA Today, 24News.ge, MegaTV.ge and Ukraine’s very own Korrespondent Magazine. Any Ukraine-based DDoS attacks make sense, considering that Ukraine has managed to collect an “IT Army” of hackers from around the world willing to fight for it. The only problem is that we have become a connected world, so most likely you’re hurting many people who aren’t even Russian.
This point couldn’t be made any more obvious than by the simple fact that these “hackers” are going after infrastructure like Russia’s homegrown GLONASS satellite-based navigation system.
Russia’s NCCCI has recommended countering the distributed denial-of-service (DDoS) attacks with Russian DDoS attacks of its own, turning off automatic software updates, and disabling third-party software, plugins and middleware. They continue by saying, “use Russian DNS servers. Use the corporate DNS servers and/or the DNS servers of your telecom operator in order to prevent the organization’s users from being redirected to malicious resources or other malicious activity. If your organization’s DNS zone’s serviced by a foreign telecom operator, transfer it to the information space of the Russian Federation.”
“Lone-wolf and organized threat actors who possess the proper cyber skills may directly attack their nation’s enemy or recruit others to join in a coordinated attack,” Trustwave SpiderLabs researchers said. They continued, “these activities, coupled with specific malware use designed to ‘prep’ the physical battlefield, could become a more widely used tactic to weaken a nation’s defensive capabilities, critical infrastructure or communication streams.”
On top of all this, the Conti ransomware group, which had its attack methods publicly leaked last week after declaring allegiance to Russia, has since announced that “we are up and running, our infra is intact and we are going full throttle,” according to a message titled “Not Yet Kameraden!” on the group’s dark web portal.
World War 3 may not have officially started on the ground, but in cyberspace, it looks to be in full force.