The Russian government shared a list of 17,576 IP addresses allegedly used to launch distributed denial-of-service (DDoS) attacks targeting Russian organizations and their networks.
The list was shared by the National Coordination Center for Computer Incidents (NKTsKI), an organization created by Russia’s Federal Security Service (FSB), together with guidance to defend against the attacks and a second list containing attackers’ referrer domain information.
“The National Coordinating Center for Computer Incidents (NCCC) in the context of massive computer attacks on Russian information resources recommends taking measures to counter threats to information security,” the Russian government agency said in a notice.
While the list of IPs does not provide info on the attackers’ identity, the list of domains points to European Union and US organizations, including the sites of the FBI and CIA (although one can spoof the referrer header info).
Another domain points to a Google Docs document containing instructions on how to use the open-source Low Orbit Ion Cannon (LOIC) DDoS attack tool on Windows, macOS, iOS, and Android devices to target Russian resources in a joint DDOS attack.
From BleepingComputer’s review of NKTsKI’s IP address list, many of the IPs correspond to residential Internet users who may face legal charges if their government decides not to turn a blind eye to their cyber activities.
DDoS defense recommendations shared by the NKTsKI include:
- Using DDoS protection services
- Restricting network traffic based on the shared referrer info
- Disabling plugins and web statistics scripts
- Using Russian DNS servers
Ukraine’s IT Army and its Russian targets
While the Russian govt agency didn’t provide evidence to support its claims, the warning aligns with Ukraine’s Vice Prime Minister Mykhailo Fedorov announcing the creation of an “IT army” to support the country’s “fight on the cyber front.”
The IT Army was created after the Ukrainian Defense Ministry started recruiting Ukraine’s underground hacker community to help with cyberattacks against Russia.
Since it was assembled, IT Army members have coordinated their efforts using a Telegram channel where they also have access to a list of Russian targets.
The list includes over 30 targets, such as Russian government agencies, IP addresses, storage devices, and mail servers, as well as state-owned banks, large corporations supporting Russian critical infrastructure, and high-profile Russian tech giants like the Yandex Russian search engine and email portal.
The creation of the Ukrainian IT Army was prompted by what the Ukrainian Security Service (SSU) called a “massive wave of hybrid warfare.”
This tide of attacks includes DDoS attacks against Ukrainian government agencies and state-owned banks, destructive malware attacks [1, 2], and phishing campaigns targeting the Ukrainian military.
You may be very tempted to join Ukraine’s IT Army after watching the Russian army invade Ukraine and get involved in cyberattacks against Russian orgs.
However, it’s crucial to understand that you may make things worse and to remember the legal ramifications since denial of service attacks, breaching networks, and defacing websites is illegal in most countries, regardless of your target of choice.