After Ukraine recruits an “IT Army,” dozens of Russian sites go dark

Cyberspace is feeling the strain of Russia's deadly invasion of Ukraine, with multiple sites tied to the Kremlin and its allies unavailable to all or at least major parts of the Internet.

The defacement of Russian websites began last week and was followed by a call from the Ukrainian vice prime minister for the formation of an IT Army to target Russian interests.

A call to arms

Vice Prime Minister Mykhailo Fedorov wrote that there will be tasks for everyone. The first task is for cyber specialists.

We are creating an IT army. We need digital talents. All operational tasks will be given here: https://t.co/Ie4ESfxoSn. There will be tasks for everyone. We continue to fight on the cyber front. The first task is on the channel for cyber specialists.

— Mykhailo Fedorov (@FedorovMykhailo) February 26, 2022

31 organizations affiliated with the Kremlin, Russian banks and corporations were on the task list. Russian government agencies, government IP addresses, government storage devices and mail servers are some of the targets. For a time, the popular Russian search engine was unavailable.

Bank, corporate, and government websites were unavailable at the time.

The Cyberpolice of Ukraine reported on Sunday that it had blocked web surfers from reaching a host of high-profile Russian sites.


Currently down

The website of the Investigative Committee of the Russian Federation has been attacked.

The post said that the following sites had been taken down, and they were not reachable at the time:

  • sberbank.ru
  • vsrf.ru
  • scrf.gov.ru
  • kremlin.ru
  • radiobelarus.by
  • rec.gov.by
  • sb.by
  • belarus.by
  • belta.by
  • tvr.by

Internet traffic from outside of Russia was completely blocked from accessing the site on Monday. According to Doug Madory, director of Internet analysis for Kentik, Russia's biggest Internet provider stopped announcing the BGP routes for the portal to contain a nonstop onslaught of junk traffic that had been flooding it.


The site was unavailable to everyone connecting from an address outside of Russia. Microsoft's points of presence are exceptions.

This site is mostly used domestically, so it probably isn't a big deal that outsiders can't access it.

Russian energy company Rosseti published a post on their Facebook page stating that electric vehicle charging stations in Russia stopped working after a Ukrainian company hacked them. The stations displayed a message that said "Gallant to UKRAINE, Glory to the HEROES, and Putin is a Death to the Enemy."


While much of the attention has focused on Ukraine's use of distributed denial-of-service attacks to disrupt or block Russian sites, the smaller nation has also been on the receiving end of malicious hacking. Last week, researchers from security firm ESET said that they had discovered a new type of data wiper on hundreds of computers in Ukraine.

Breaking. #ESETResearch discovered a new data wiper malware used in Ukraine today. ESET telemetry shows that it was installed on hundreds of machines in the country. This follows the DDoS attacks against several Ukrainian websites earlier today 1/n

— ESET research (@ESETresearch) February 23, 2022

The findings were confirmed by researchers from Symantec. They had found the same type of malicious software targeting banks and organizations in the defense, aviation, and IT services industries.

HermeticWiper said that the new software follows a tried and tested technique of abusing.

The Eldos Rawdisk driver was abused by the Lazarus Group and Shamoon from the group known as APT33 to get direct userland access to the filesystem. HermeticWiper uses a similar technique to abuse a different driver.

Last week, security researchers said that Russia’s most cutthroat hacking group had deployed new malware for infecting network devices so they could be used to steal passwords and other sensitive data or as a proxy for concealing cyberattacks on other organizations. Ukrainian websites have also been made unreachable in DDoS attacks.

The NotPetya attacks, which caused $10 billion in losses for companies all over the world, were the best known of the destructive attacks that have been carried out by the Russian government. The power grid in Ukraine has been shut down twice by Russian hackers.