
This is taken directly from a Russian site. The data cannot be verified. The probability of the US FBI and CIA along with news outlets openly participating in DDoS events is near zero. 

____________

As cyberattacks escalate, the Russian government released a list of 17,576 IP addresses and 166 domains they say are behind a series of distributed denial of service (DDoS) attacks targeting Russian Federation internal infrastructure.

The list includes several well-known domains such as the US Federal Bureau of Investigation (FBI), the Central Intelligence Agency (CIA) and the websites of several media publications such as USA Today, 24News.ge, megatv.ge and the Ukrainian magazine Korrespondent.

As part of its recommendations for countering DDoS attacks, the agency urges organizations to:

    1. Take an inventory of all network devices and services running in your organization, as well as the firewall rules that provide access to them. Restrict outside access to all services and devices in the ITS, except for those absolutely necessary.
    2. Set up logging. Make sure that the logs of system security messages and the operation of operating systems, as well as events of access to various services of the organization (web sites, mail servers, DNS servers, etc.) are complete and correct. In the future, this can simplify the process of responding to possible computer incidents. Make sure that the logs are collected in the required volume.
    3. Use Russian DNS servers. Use corporate DNS servers and/or your carrier’s DNS servers to prevent redirecting users of your organization to malicious resources or other malicious activity. If your organization’s DNS zone is serviced by a foreign telecom operator, transfer it to the information space of the Russian Federation.
    4. Carry out an unscheduled change of passwords for access to key infrastructure elements.
    5. Use complex and unique passwords to access company services, as well as employee workstations.
    6. Make sure that default logins and passwords are not used anywhere, and if any are found, change them immediately.
    7. Check the correct functioning and correct settings of the information protection tools used in your organization.
    8. Update databases of anti-virus protection tools on a regular basis.
    9. Check email attachments in dynamic file analysis systems.
    10. Turn off automatic software updates. Install the necessary updates after analyzing the threats of exploiting vulnerabilities.
    11. Disable external plugins and plug-in elements of web page code, and limit the operation of the following scripts for collecting statistics on information resources:
        − Google Adsense
        − SendPulse
        − MGID
        − Lentainform
        − onthe.io
    12. Use data backup to be able to recover meaningful digital information processed in your organization if it is lost. Make sure you have up-to-date backups.
    13. Monitor the status of the SSL certificate. When using an SSL certificate issued by a foreign certification authority, make sure that the connection to your information resource remains trusted and that the SSL certificate used has not been revoked. If the SSL certificate is revoked, prepare a self-signed SSL certificate. Distribute your certificates to those who use your services (customers, partners, etc.).
    14. Use services to protect against DDoS attacks.
    15. To protect against DDoS attacks on firewalls, limit network traffic that contains values from the referer_http_header.txt file in the Referer field of the HTTP header.
    16. To protect against DDoS attacks on network information protection tools, restrict network traffic from the IP addresses listed in the proxies.txt file. The IP addresses specified in it belong to proxy servers used in DDoS attacks.
    17. Use remote administration tools that do not function through foreign information resources.
    18. Use products for secure data exchange using VPN technology.
    19. Conduct training sessions with employees on information security, countering social engineering methods, as well as the principles of secure remote work.
    20. Teach employees not to succumb to the threat of scammers demanding a ransom for data recovery. Send information about such computer incidents to the NCCC for further response.

That’s not all. Ukraine, which has managed to assemble a volunteer “IT army” of civilian hackers from around the world, has put forward a new set of targets that includes the Belarusian railway network, Russia’s GLONASS satellite global navigation system, and telecom operators such as MTS and Beeline.

List Russian NCCC says is DDoSing RU, SU, and RF sites:

xn--80aafyzixh.xn--j1amh
www.zdg.md
www.usatoday.com/search/results?q=
www.ukrinform.ru
www.ted.com/search?q=
www.stily.ge
www.rondevo.com
www.psichopatas.lt
www.picuki.com
www.ostro.org
www.onlinedics.ru
www.mamywiekszego.pl
www.fbi.com
www.dynamomania.com
www.cia.gov/index.html
www.bigmir.net
www.alia.ge
www.abw.by
www.1variant.ru
war.lt
vug.pl/takeRussiaDown.html
vug.pl
vtemu.by
vlast.kz
v3.jrmk.net
ukrainiancharm.com
ukraine.is-great.org
ua.korrespondent.net
tv8.md
trendy-u.com
the-list.ams3.cdn.digitaloceanspaces.com
tarahtino.notion.site/tarahtino
talkytimes.com
talkyminute.com
talkyhour.com
stoprussianweb.eu
stopputin.ddns.net
stop-russian-fake.news
stop-russian-desinformation.near.page
stop-russian-belarus-invation.web.app
stop-russian-belarus-invation.firebaseapp.com
stop-russia.synergize.co
stop-russia.rf.gd
stop-russia.great-site.net
stop--russian--desinformation-near-page.translate.goog
stiri.md
star.korupciya.com
slavaukraini.online
slavaukraini.000webhostapp.com
sbiblio.com
russianwarshipgofuckyourself.club
russia-must-be-stopped-6mpfu.ondigitalocean.app
ru.jooble.org
romancetale.com
ringside24.com
realist.online
raid.shell.enes.tech
r.search.yahoo.com
putler.whonnock.sk
putin-huilo.xyz
primetime.ge
pravdatutnews.com
point.md
play.tavr.media
pia.ge
peliskovi.cz
peimquizpol.xyz/
padaread.com
padabum.com
ovh1.vanagas.tech
osvita.name
omore.city
officiel-online.com
nowar.1plus.red
norussian.tk
news.bigmir.net
neagent.by
mwl.vdl.pl
megatv.ge
mbox.bigmir.net
mamywiekszego.pl
m.valentime.com
m.rondevo.com
m.orchidromance.com
m.loveswans.com
m.funchatt.com
m.derzhava-sveta.webnode.ru
m.amourfeel.com
m.amourfactory.com
m.999.md
livebeam.com
lady.tochka.net
kuzelovi.cz
kratkoe.com
korupciya.com
korrespondent.net
konspiracie.tresk.sk
knizhnik.org
kinowar.com
kaszaniok.github.io
kanalukraina.tv
joinposter.com
jebacruskich.page
ipfs.io
internetua.com
higherror.notion.site
help-ukraine-win.web.app
help-ukraine-win.s3.eu-west-1.amazonaws.com/index.html
help-ukraine-win.s3.eu-west-1.amazonaws.com
help-ukraine-win.firebaseapp.com
gonzo.shell.enes.tech
glavpost.com
github.com/chmod777anarchy
gazetaby.com
fuck-desinformation.netlify.app
freeanon.xyz
fraza.com
forum.ge
fortuna.ge
footballua.tv
football.by
fly.freecluster.eu
fc2f61349e3b9152a43028e0509d10dc.safeframe.googlesyndication.com
exk.kz
euroradio.fm
enovosty.com
edufuture.biz
e007c0704f610e92c793531d460e7e90.safeframe.googlesyndication.com
dstat.sorryy.me
droni.ge
docs.google.com/document/d/18nxvjQuHpAgrJ-t9S9CJ9dPK9_z0F73UrBpBFn7ZyVo
dildouslugi.ga
digest.pia.ge
dev.by
derzhava-sveta.webnode.ru
deathtoputin.github.io
ddosrussia.netlify.app
ddos.featurelab.software
ddos-russian-sites.com
ddos-hohlov.vercel.app
d-31801991032363131989.ampproject.net
cyberwar.ctb-it.de
cyber-yuzh.com
cyber-yozh.com
cyber-ukraine.com
c9248b6329f2bcf745f2dc603017afd7.safeframe.googlesyndication.com
babsi.de
atp.gofintechapp.com
asiacharm.com
as104.online-stars.org
apteka.103.by
antiput.in
amourleague.com
amourfeel.com
amourfactory.com
aif.by
9c6a8bc8c2a9e9e14ce94fbc4d280c26.safeframe.googlesyndication.com
81g6bk.csb.app
5sfer.com
24news.ge
ddoshohlov.net
ddos-ukrov.netlify.app
help-ukraine-win.com
fuckrf.ga
feraquiziru.xyz
notwar.ho.ua

Proxy List (Note: .RU site)

https://safe-surf.ru/upload/ALRT/proxies.txt

RUSSIAN National Coordinating Center for Computer Incidents (NCCC)

NCCC: RECOMMENDATIONS FOR PROTECTING INFORMATION RESOURCES FROM COMPUTER ATTACKS
02.03.2022
The National Coordinating Center for Computer Incidents (NCCC), in the context of massive computer attacks on Russian information resources, recommends taking measures to counter threats to information security.
The list of recommendations is given in the NCCC Bulletin.

Relevance of threats: Up to date
Description:

In the context of massive computer attacks on Russian information resources, the NKTsKI asks that the following list of general recommendations for countering information security threats be taken into account.

Recommendations for countering information security threats (better known as configuring your systems to prepare for complete control by the Russian Intranet)

(NOTE: When reading the 20 rules, ponder the meaning behind several of the recommendations and what they mean to the RU government relative to tracking, inventorying, and controlling internal websites. Number 10 is interesting and telling as a method used in Russia. Number 11 advocates removing all browser plugins – this would include privacy extensions.)

  1. Conduct an inventory of all network devices and services operating in your organization, as well as the firewall rules that provide access to them. Restrict outside access to all services and devices in the ITS, except for those absolutely necessary.
  2. Set up logging. Make sure that the saved system logs (security messages and the operation of operating systems, as well as access events to the organization's various services: web sites, mail servers, DNS servers, etc.) are sufficient and correct. Subsequently, this may simplify the process of responding to possible computer incidents. Make sure the logs are collected in the required volume.
  3. Use Russian DNS servers. Use the corporate DNS servers and/or the DNS servers of your telecom operator in order to prevent the organization’s users from being redirected to malicious resources or other malicious activity. If your organization’s DNS zone is serviced by a foreign telecom operator, transfer it to the information space of the Russian Federation.
  4. Conduct an unscheduled change of passwords for access to key infrastructure elements.
  5. Use complex and unique passwords to access the organization’s services, as well as employee workstations.
  6. Make sure that default logins and passwords are not used anywhere, and if any are found, change them immediately.
  7. Check the correct operation and correct settings of the information security tools applied in your organization.
  8. Update databases of anti-virus protection tools on a regular basis.
  9. Check email attachments in dynamic file analysis systems.
  10. Turn off automatic software updates. Install the required updates after analyzing the threat of exploitation of vulnerabilities.
  11. Disable external plugins and plug-ins of web page code, and limit the work of the following scripts for collecting statistics on information resources:
    − Google Adsense
    − SendPulse
    − MGID
    − Lentainform
    − onthe.io
  12. Use data backup to be able to recover meaningful digital information processed by the organization in case of loss. Make sure you have up-to-date backup copies.
  13. Monitor the status of the SSL certificate. When using an SSL certificate issued by a foreign certification authority, make sure that the connection to your information resource remains trusted, and that the SSL certificate being used has not been revoked. If the SSL certificate is revoked, prepare a self-signed SSL certificate. Distribute your certificates to those who use your services (customers, partners, etc.).
  14. Use services to protect against DDoS attacks.
  15. To protect against DDoS attacks on network information protection tools, restrict network traffic whose Referer HTTP header field contains a value from the referer_http_header.txt file.
  16. To protect against DDoS attacks on network information protection tools, limit network traffic from the IP addresses listed in the proxies.txt file. The IP addresses specified in it belong to proxy servers used in DDoS attacks.
  17. Use remote administration tools that do not function through foreign information resources.
  18. Use products for secure data exchange using VPN technology.
  19. Conduct training sessions with employees of the organization on information security, countering social engineering methods, as well as the principles of secure remote work.
  20. Teach employees not to succumb to the threat of scammers demanding a ransom for data recovery. Send information about such computer incidents to the NCCC for further response.
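Items 15 and 16 of the bulletin (and the same two items in the summary list earlier on this page) ask operators to restrict traffic by Referer value and by source address, using two files the NCCC distributes. The script below is an added example written for this page; it is not part of the NCCC bulletin or of Treadstone 71's post, and the bulletin does not describe the files' format. It assumes proxies.txt holds one address or CIDR prefix per line and referer_http_header.txt holds one host name per line, then runs both checks over constructed access-log lines (documentation IP ranges and made-up hosts), counting malformed lines instead of failing on them.

```python
"""Triage web-server access-log lines against an IP blocklist and a Referer
blocklist, the two traffic-restriction measures in the bulletin's items 15
and 16.  Every input below is constructed for this example."""
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed stand-in for proxies.txt (assumed format: one address or CIDR
# prefix per line, '#' comments allowed).  Documentation ranges only; these
# are not the addresses the NCCC published.
PROXIES_TXT = """
# proxy addresses seen in the DDoS traffic (constructed sample)
192.0.2.10
198.51.100.0/24
2001:db8::/32
"""

# Constructed stand-in for referer_http_header.txt (assumed format: one host
# name per line; subdomains of a listed host also match).
REFERER_TXT = """
stop-russia.example
ddos.example.net
"""

# Constructed "combined" format log lines; the last one is malformed on
# purpose so the parser's failure path is exercised.
SAMPLE_LOG = """\
192.0.2.10 - - [02/Mar/2022:10:00:00 +0300] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.77 - - [02/Mar/2022:10:00:01 +0300] "GET /index.html HTTP/1.1" 200 1024 "https://stop-russia.example/go" "Mozilla/5.0"
203.0.113.5 - - [02/Mar/2022:10:00:02 +0300] "GET /news HTTP/1.1" 200 2048 "https://www.ddos.example.net/" "curl/7.81.0"
203.0.113.9 - - [02/Mar/2022:10:00:03 +0300] "GET /about HTTP/1.1" 200 100 "https://search.example.com/?q=x" "Mozilla/5.0"
2001:db8:1::5 - - [02/Mar/2022:10:00:04 +0300] "GET / HTTP/1.1" 200 10 "-" "Mozilla/5.0"
this line is not a valid access-log record
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def _entries(text):
    """Yield non-empty, non-comment lines of a blocklist file."""
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if line:
            yield line


def load_networks(text):
    """Parse addresses and CIDR prefixes; strict=False tolerates host bits set."""
    return [ipaddress.ip_network(e, strict=False) for e in _entries(text)]


def load_referer_hosts(text):
    return {e.lower() for e in _entries(text)}


def referer_host(referer):
    """Extract the host from a Referer value; '-' or empty means no referer."""
    if not referer or referer == '-':
        return None
    # urlsplit only recognises the authority part after a scheme or '//'
    parts = urlsplit(referer if '://' in referer else '//' + referer)
    return (parts.hostname or '').lower() or None


def host_matches(host, blocked_hosts):
    """True when host equals a blocked host or is one of its subdomains."""
    return any(host == b or host.endswith('.' + b) for b in blocked_hosts)


def triage(log_text, proxies_text=PROXIES_TXT, referer_text=REFERER_TXT):
    """Return (flagged_records, unparsed_count) for the given log text."""
    networks = load_networks(proxies_text)
    blocked_hosts = load_referer_hosts(referer_text)
    flagged, unparsed = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LOG_RE.match(line)
        if m is None:
            unparsed += 1          # malformed line: count it, never crash
            continue
        try:
            addr = ipaddress.ip_address(m['ip'])
        except ValueError:
            unparsed += 1
            continue
        reasons = []
        # an IPv4 address tested against an IPv6 network is simply False,
        # so a mixed v4/v6 list is safe here
        if any(addr in net for net in networks):
            reasons.append('ip_in_proxies')
        host = referer_host(m['referer'])
        if host and host_matches(host, blocked_hosts):
            reasons.append('referer_in_blocklist')
        if reasons:
            flagged.append({'ip': m['ip'], 'referer': m['referer'], 'reasons': reasons})
    return flagged, unparsed


def summarize(flagged):
    """Count how often each match reason fired, for tuning the blocklists."""
    return Counter(r for rec in flagged for r in rec['reasons'])


if __name__ == '__main__':
    hits, bad = triage(SAMPLE_LOG)
    for rec in hits:
        print(rec['ip'], rec['reasons'])
    print('unparsed lines:', bad, '| reason counts:', dict(summarize(hits)))
```

Running a list like this over your own logs before loading it into a firewall shows how much legitimate traffic it would also cut off, which matters for third-party proxy ranges. A Referer value is set by the client and costs nothing to change, so the header match is a signal for detection and rate-limiting rather than a control to rely on by itself.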

ALRT-20220302.1 –

About Post Author

Treadstone 71

@Treadstone71LLC Cyber intelligence, counterintelligence, Influence Operations, Cyber Operations, OSINT, Clandestine Cyber HUMINT, cyber intel and OSINT training and analysis, cyber psyops, strategic intelligence, Open-Source Intelligence collection, analytic writing, structured analytic techniques, Target Adversary Research, cyber counterintelligence, strategic intelligence analysis, estimative intelligence, forecasting intelligence, warning intelligence, threat intelligence