Russia shares list of 17,000 allegedly DDoSing IP addresses of Russian organizations

The Russian government has shared a list of 17,576 IP addresses that were allegedly used to launch Distributed Denial of Service (DDoS) attacks targeting Russian organizations and their networks.

The list was shared by the National Computer Incident Coordination Center (NKTsKI), an organization created by Russia’s Federal Security Service (FSB), along with tips for defending against attacks and a second list containing the information reference domain of the attackers.

“The National Computer Incident Coordination Center (NCCC) in the context of massive computer attacks against Russian information resources recommends taking measures to counter information security threats,” the agency said. Russian government in an opinion.

While the list of IP addresses does not provide information about the identity of the attackers, the list of domains points to organizations in the European Union and the United States, including FBI and CIA sites ( although one can spoof the referrer header information).

Another domain points to a Google Docs document with instructions on how to use the open-source Low Orbit Ion Cannon (LOIC) DDoS attack tool on Windows, macOS, iOS and Android devices to target Russian assets in a joint DDOS attack.

According to BleepingComputer’s review of NKTsKI’s list of IP addresses, many IP addresses correspond to residential Internet users who could face legal action if their government decides not to turn a blind eye to their cyber activities.

DDoS defense recommendations shared by the NKTsKI include:

  • Using DDoS Protection Services
  • Restrict network traffic based on shared referral information
  • Disabling web statistics plugins and scripts
  • Use of Russian DNS servers

The Ukrainian IT army and its Russian targets

Although the Russian government agency did not provide evidence to support its claims, the warning aligns with Ukrainian Deputy Prime Minister Mykhailo Fedorov’s announcement of the creation of a “computer army to support the country’s “fight on the cyberfront”.

The IT Army was created after the Ukrainian Ministry of Defense began recruiting Ukraine’s underground hacker community to help with cyberattacks on Russia.

Since its assembly, members of the IT Army have coordinated their efforts using a Telegram channel where they also have access to a list of Russian targets.

The list includes more than 30 targets, such as Russian government agencies, IP addresses, storage devices and mail servers, as well as state-owned banks, large companies supporting Russian critical infrastructure and top Russian tech giants. plan like Russian search Yandex. messaging engine and portal.

The creation of the Ukrainian IT Army was prompted by what Ukraine’s Security Service (SSU) called a “massive wave of hybrid warfare”.

This tide of attacks includes DDoS attacks against Ukrainian government agencies and public banks, destructive malware attacks [1, 2]and phishing campaigns targeting the Ukrainian military.

You might be very tempted to join the Ukrainian IT Army after watching the Russian military invade Ukraine and get involved in cyberattacks against Russian organizations.

However, it is crucial to understand that you can make things worse and to remember the legal ramifications since denial of service attacks, breaching networks and defacing websites are illegal in most countries, regardless of your target.

Previous Fix "Fake Twitter Profile" Issue Using DNS
Next NCIP facilitates IPs' dialogue with the UN and the international community