Several Russian government websites, including the official Kremlin site, were intermittently unavailable to users in Russia and other parts of the world on Thursday.
The websites went down just hours after Russian troops invaded Ukraine and Russian President Vladimir Putin declared the start of a “special military operation” in Ukraine.
The government’s website (government.ru), the website of the State Duma (Russia’s lower house of parliament), and the Ministry of Defense’s website were all affected.
At the time of writing, the English-language version of the Kremlin’s website (en.kremlin.ru) was not loading.
It was unclear what had caused the issue.
When asked if the Kremlin’s website had been subjected to a distributed denial of service (DDoS) attack, a Kremlin spokesperson insisted that the platform was functioning smoothly.
Doug Madory, an analyst at the internet monitoring firm Kentik, told CNN that the outages are part of a larger pattern of DDoS attacks aimed at Russia’s government.
“It is a simultaneous flood of traffic from sources around the world on a specific port … to a specific set of IP addresses,” Madory said. “That isn’t a natural flow of internet traffic.”
CNN military analyst Cedric Leighton, however, described the deactivation of the websites as a “defensive measure” and a technique of “isolating a portion of the [Russian] Internet”.
Whitehats to the rescue?
While the actual source of the problems is unclear, it may be related to a call that went out across hacker forums yesterday morning.
A post appearing across multiple sites read, ‘Ukrainian cybercommunity! It’s time to get involved in the cyber defense of our country’. It asked both hackers and cybersecurity experts to apply via Google Docs, listing their specialties and references.
Yegor Aushev, co-founder of Cyber Unit Technologies in Kyiv, told Reuters that he published the post at the request of a Defence Ministry official. Another person involved also confirmed the original source of the message, although Ukrainian officials refused to comment.
Aushev has said that volunteers will be divided into offensive and defensive units, either conducting espionage against invading Russian forces or protecting critical infrastructure in Ukraine.
There have apparently been hundreds of applicants, whom Aushev is now vetting to ensure none are Russian agents.
The Anonymous hacking group has also ‘declared war’ on Russia, and is claiming responsibility for taking down several websites, including RT.com – the government’s international news/propaganda outlet.
The new battleground
The disruption in Russia follows similar outages in Ukraine, attributed to the Russian government, in recent days.
Official websites belonging to the Ukrainian parliament, government, and foreign ministry went offline hours before Russia invaded on Thursday.
The websites of the Ukrainian Ministry of Defence, the Ministry of Internal Affairs, the Cabinet of Ministers, the Security Service of Ukraine, Privatbank (Ukraine’s largest bank) and Oschadbank (the State Savings Bank) were among those knocked down in the attacks.
On Thursday, cyber security firm ESET said it had discovered a piece of data wiping malware, dubbed HermeticWiper, circulating on hundreds of computers across the country.
The company said that the destructive software had been installed on hundreds of devices in the country. Initial investigation suggested that the attack had been in the works for the past couple of months.
The timestamp on the programme indicated that it was compiled on December 28th, 2021. The malware appeared to be digitally signed with a certificate issued to Hermetica Digital Ltd, an obscure firm based in Cyprus.
Last month, another data wiper, known as WhisperGate, swept through Ukraine.
Vikram Thakur of cyber security firm Symantec told Reuters that HermeticWiper infections had spread outside Ukraine.
“We see activity across Ukraine and Latvia,” he said.
Last week, officials from the US Cybersecurity and Infrastructure Security Agency (CISA) issued a “Shields Up” warning to US businesses, advising them to revert to basic cyber hygiene standards in order to safeguard their networks and systems to the greatest extent possible. UK firms have received a similar warning.
On Wednesday, US and UK cyber security agencies published a joint Cybersecurity Advisory (CSA) detailing a new malware strain called Cyclops Blink, allegedly being used by a Russia-backed hacking group to target home and office networking devices.