3 million sites that use Cloudflare exposed – Updated
This was reported by the National Security and Defense Council of Ukraine. The so-called DarkNet has published a list of almost 3 million sites that use Cloudflare to protect against DDoS and other attacks. According to the National Security and Defense Council, the list merged into DarkNet contains real IP-addresses of sites, which poses a threat of attacks aimed at them.
Among the published addresses are 45 records with the domain “gov.ua” and more than 6.5 thousand with the domain “ua”. Some of these resources belong to critical infrastructure.
According to Ukrainian experts, part of the data on Ukrainian sites is outdated, and part is still relevant. In this regard, the staff of the National Security and Defense Council reported a threat to the main subjects of cybersecurity.
“We jointly notify the owners of all resources whose IP addresses have been compromised as a result of the leak. Owners of compromised resources are recommended, if possible, to quickly change the IP addresses of web resources and strengthen monitoring of cyberattacks on these resources, “- said in a statement.
It is noted that the Cloudflare service provides network services to hide real IP addresses to mitigate DDoS attacks.
Good shit boys, boot up the Low Orbit Ion Cannon
In May,a scandal eruptedover the sale of personal information of millions of Ukrainians through one of the Telegram channels (Telegram-bot UA
Baza).Authorities have denied suspicions that the “Action” supplement may be involved.But experts “Ukrainian kiberalyansu”admitthat the leaked information could still occur because of the “action”.Investigators from the State Bureau of Investigation have launched a pre-trial investigation into the leak of information containing personal data of Ukrainian citizens, which was disseminated in one of the anonymous channels in the Telegram.According to the DBR,officials of the Main Service Center of the Ministry of Internal Affairs of Ukraine and the State Migration Servicemay be involvedin the leakage of personal data.