Russian DDoS Traffic Details Unearthed
The Government of Russia published a list of more than 17,500 IP addresses and 174 internet domains it says are involved in ongoing distributed denial-of-service (DDoS) attacks on Russian domestic targets.
It includes the FBI and CIA’s home pages, and other sites with top-level domain (TLD) extensions denoting they are registered through countries such as Belarus, Germany, Ukraine, and Georgia, as well as the European Union.
The Russian government did not publish any proof or evidence backing up its claims about the IP addresses or domains on its list. DDoS incidents can be tough to attribute to any specific actor, and otherwise benign internet domains can be hijacked by attackers to misdirect attention.
Due to the lesser level of sophistication required to conduct DDoS attacks, the Ukrainian government has asked its growing legion of cyber volunteers to launch such actions against a list of Russian and Belarusian websites.
While it’s impossible to verify each and every attack, there is anecdotal reporting from within Russia that the flurry of activity is having an impact. Oleg Shakirov, an international security expert at a Moscow-based think tank, tweeted that “the Internet is not the same,” and government websites “are often not available because of DDoS attacks.” Other services, such as Twitter and Facebook, have been throttled by the Russian government.
Hackers associated with the Russian government have launched a series of their own DDoS attacks against Ukrainian targets multiple times in the run-up to the military attack, coinciding with more serious attacks that in some cases delivered malware designed to wipe data and destroy computers.
Independent data shows that Russian internet infrastructure has been heavily targeted with DDoS disruptions. Data available to the firm shows DDoS attacks aimed at the internet infrastructure that handles the “.ru” top-level domain (TLD).