This is taken directly from a Russian site. The data cannot be verified. The probability of the US FBI and CIA along with news outlets openly participating in DDoS events is near zero.
____________
As cyberattacks escalate, the Russian government released a list of 17,576 IP addresses and 166 domains they say are behind a series of distributed denial of service (DDoS) attacks targeting Russian Federation internal infrastructure.
The list includes several well-known domains such as the US Federal Bureau of Investigation (FBI), the Central Intelligence Agency (CIA) and the websites of several media publications such as USA Today, 24News.ge, megatv.ge and the Ukrainian magazine Korrespondent.
As part of its recommendations for countering DDoS attacks, the agency urges organizations to:
- Take an inventory of all network devices and services running in your organization, as well as the firewall rules that provide access to them. Restrict outside access to all services and devices in the ITS, except for those absolutely necessary.
- Set up logging. Make sure that the logs of system security messages and the operation of operating systems, as well as events of access to various services of the organization (web sites, mail servers, DNS servers, etc.) are complete and correct. In the future, this can simplify the process of responding to possible computer incidents. Make sure that the logs are collected in the required volume.
- Use Russian DNS servers. Use corporate DNS servers and/or your carrier’s DNS servers to prevent redirecting users of your organization to malicious resources or other malicious activity. If your organization’s DNS zone is serviced by a foreign telecom operator, transfer it to the information space of the Russian Federation.
- Carry out an unscheduled change of passwords for access to key infrastructure elements.
- Use complex and unique passwords to access company services, as well as employee workstations.
- Make sure that default logins and passwords are not used anywhere, and if any are found, change them immediately.
- Check the correct functioning and correct settings of the information protection tools used in your organization.
- Update databases of anti-virus protection tools on a regular basis.
- Check email attachments in dynamic file analysis systems.
- Turn off automatic software updates. Install the necessary updates after analyzing the threats of exploiting vulnerabilities.
- Disable external plugins and plug-in elements of web page code, and limit the operation of the following scripts for collecting statistics on information resources: Google Adsense, SendPulse, MGID, Lentainform, onthe.io.
- Use data backup to be able to recover meaningful digital information processed in your organization if it is lost. Make sure you have up-to-date backups.
- Monitor the status of the SSL certificate. When using an SSL certificate issued by a foreign certification authority, make sure that the connection to your information resource remains trusted and that the SSL certificate used has not been revoked. If the SSL certificate is revoked, prepare a self-signed SSL certificate. Distribute your certificates to those who use your services (customers, partners, etc.).
- Use services to protect against DDoS attacks.
- To protect against DDoS attacks on firewalls, limit network traffic that contains values from the referer_http_header.txt file in the Referer field of the HTTP header.
- To protect against DDoS attacks on network information protection tools, restrict network traffic from the IP addresses listed in the proxies.txt file. The IP addresses specified in it belong to proxy servers used in DDoS attacks.
- Use remote administration tools that do not function through foreign information resources.
- Use products for secure data exchange using VPN technology.
- Conduct training sessions with employees on information security, countering social engineering methods, as well as the principles of secure remote work.
- Teach employees not to succumb to the threat of scammers demanding a ransom for data recovery. Send information about such computer incidents to the NCCC for further response.
That’s not all. Ukraine, which has managed to assemble a volunteer “IT army” of civilian hackers from around the world, has put forward a new set of targets that includes the Belarusian railway network, Russia’s GLONASS satellite global navigation system, and telecom operators such as MTS and Beeline.
List Russian NCCC says is DDoSing RU, SU, and RF sites:
Proxy List (Note: .RU site)
https://safe-surf.ru/upload/ALRT/proxies.txt
RUSSIAN National Coordinating Center for Computer Incidents (NCCC)
NCCC: RECOMMENDATIONS FOR PROTECTING INFORMATION RESOURCES FROM COMPUTER ATTACKS
02.03.2022
The National Coordinating Center for Computer Incidents (NCCC) in the context of massive computer attacks on Russian information resources recommends taking measures to counter threats to information security.
The list of recommendations is given in the NCCC Bulletin.
Threat relevance: Up to date
Description: In the context of massive computer attacks on Russian information resources, the NCCC asks organizations to take note of this list of general recommendations for countering information security threats.
Recommendations for countering information security threats (better known as configuring your systems to prepare for complete control by the Russian Intranet)
(NOTE: When reading the 20 rules, ponder the meaning behind several of the recommendations and what they mean to the RU government relative to tracking, inventorying, and controlling internal websites. Number 10 is interesting and telling as a method used in Russia. Number 11 advocates removing all browser plugins – this would include privacy extensions.)
- Conduct an inventory of all network devices and services operating in your organization, as well as the firewall rules that provide access to them. Restrict outside access to all services and devices in the ITS, except for those absolutely necessary.
- Set up logging. Make sure that the saved logs of system security messages and operating system activity, as well as access events for the organization’s various services (web sites, mail servers, DNS servers, etc.), are sufficient and correct. Subsequently, this may simplify the process of responding to possible computer incidents. Make sure the logs are collected in the required volume.
- Use Russian DNS servers. Use the corporate DNS servers and/or the DNS servers of your telecom operator in order to prevent the organization’s users from being redirected to malicious resources or other malicious activity. If your organization’s DNS zone is serviced by a foreign telecom operator, transfer it to the information space of the Russian Federation.
- Conduct an unscheduled change of passwords for access to key infrastructure elements.
- Use complex and unique passwords to access the organization’s services, as well as employee workstations.
- Make sure that default logins and passwords are not used anywhere, and if any are found, change them immediately.
- Check the correct operation and correct settings of the information security tools applied in your organization.
- Update databases of anti-virus protection tools on a regular basis.
- Check email attachments in dynamic file analysis systems.
- Turn off automatic software updates. Install required updates after analyzing the threat of vulnerability exploitation.
- Disable external plugins and plug-ins of web page code, and limit the work of the following scripts for collecting statistics on information resources:
− Google Adsense
− SendPulse
− MGID
− Lentainform
− onthe.io
- Use data backup to be able to recover meaningful digital information processed by the organization in case of loss. Make sure you have up-to-date backup copies.
- Monitor the status of the SSL certificate. When using an SSL certificate issued by a foreign certification authority, make sure that the connection to your information resource remains trusted, and that the SSL certificate being used has not been revoked. If the SSL certificate is revoked, prepare a self-signed SSL certificate. Distribute your certificates to those who use your services (customers, partners, etc.).
- Use services to protect against DDoS attacks.
- To protect against DDoS attacks on network information protection tools, restrict network traffic whose Referer HTTP header field contains a value from the referer_http_header.txt file.
- To protect against DDoS attacks on network information protection tools, limit network traffic from the IP addresses listed in the proxies.txt file. The IP addresses specified in it belong to proxy servers used in DDoS attacks.
- Use remote administration tools that do not function through foreign information resources.
- Use products for secure data exchange using VPN technology.
- Conduct training sessions with employees of the organization on information security, countering social engineering methods, as well as the principles of secure remote work.
- Teach employees not to succumb to the threat of scammers demanding a ransom for data recovery. Send information about such computer incidents to the NCCC for further response.
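
The two filtering recommendations above (Referer values from referer_http_header.txt and source addresses from proxies.txt) can be dry-run against access logs before they are enforced. The sketch below is an added example, not code from the NCCC bulletin or this page; the file formats (one host or URL per line, one IP, IP:port or CIDR per line), the log format and all sample values are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed stand-ins for referer_http_header.txt and proxies.txt. Assumed
# format: one host or URL per line, and one IP, IP:port or CIDR per line.
REFERER_FILE = "blocked.example.net\nhttps://flood.example.org/run.html\n"
PROXIES_FILE = "192.0.2.10:8080\n198.51.100.0/28\n"
T = '- - [02/Mar/2022:10:00:00 +0300] "GET / HTTP/1.1" 200 512'
SAMPLE_LOG = [  # constructed access-log lines, combined log format
    f'192.0.2.10 {T} "-" "Mozilla/5.0"',
    f'198.51.100.5 {T} "-" "Mozilla/5.0"',
    f'203.0.113.7 {T} "https://cdn.blocked.example.net/a" "Mozilla/5.0"',
    f'203.0.113.8 {T} "https://example.com/?u=blocked.example.net" "Mozilla/5.0"',
]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[^"]*" \d{3} \S+ "([^"]*)"')

def host_of(value):
    """Lower-cased host of a Referer value or list entry, scheme optional."""
    value = value.strip()
    try:
        parts = urlsplit(value if "//" in value else "//" + value)
        return (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def load_referers(text):
    return {host_of(entry) for entry in text.split()} - {""}

def load_proxies(text):
    nets = []
    for entry in text.split():
        if "/" not in entry and entry.count(":") == 1:
            entry = entry.split(":")[0]  # drop the port from IPv4 "ip:port"
        nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def verdict(line, referers, proxies):
    m = LOG_RE.match(line)
    try:
        ip = ipaddress.ip_address(m.group(1))
    except (AttributeError, ValueError):  # no match, or client field is not an IP
        return "unparsed"
    if any(ip in net for net in proxies):
        return "block:proxy"
    host = host_of(m.group(2))
    # Compare parsed hosts (exact or subdomain), never substrings of the header.
    hit = any(host == h or host.endswith("." + h) for h in referers)
    return "block:referer" if hit else "allow"
```

Because the Referer header is set by the client, that rule only sheds browser-driven traffic from the listed pages; the source-address rule does not depend on any header.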