From “IT Army” DDoS attacks to custom malware, the country has become a target like never before.

The orders are issued like clockwork. Every day, often at around 5 am local time, the Telegram channel housing Ukraine’s unprecedented “IT Army” of hackers buzzes with a new list of targets. The volunteer group has been knocking Russian websites offline using wave after wave of distributed denial-of-service (DDoS) attacks, which flood websites with traffic requests and make them inaccessible, since the war started.

The IT Army’s actions were just the start. Since Russia invaded Ukraine at the end of February, the country has faced an unprecedented barrage of hacking activity. Hacktivists, Ukrainian forces, and outsiders from all around the world who are taking part in the IT Army have targeted Russia and its business. DDoS attacks make up the bulk of the action, but researchers have spotted ransomware that’s designed to target Russia and have been hunting for bugs in Russian systems, which could lead to more sophisticated attacks.

The attacks against Russia stand in sharp contrast to recent history. Many cybercriminals and ransomware groups have links to Russia and don’t target the nation. Now, it’s being opened up. “Russia is typically considered one of those countries where cyberattacks come from and not go to,” says Stefano De Blasi, a cyber-threat intelligence analyst at security firm Digital Shadows.

At the start of the war, DDoS was unrelenting. Record levels of DDoS attacks were recorded during the first three months of 2022, according to analysis from Russian cybersecurity company Kaspersky. Both Russia and Ukraine used DDoS to try to disrupt each other, but the efforts against Russia have been more innovative and prolonged. Ukrainian tech companies transformed the puzzle game 2048 into a simple way to launch DDoS attacks and have developed tools to allow anyone to join the action, irrespective of their technical knowledge.
“The more we use attack automation tools, the stronger our attacks,” reads a message sent to the IT Army Telegram channel on March 24. The channel’s operators urge people to use VPNs to disguise their location and help avoid their targets’ DDoS protections. Toward the end of April, the IT Army launched its own website that lists whether its targets are online or have been taken down and includes technical guides. (The IT Army did not respond to a request for comment.)

via wired: Russia Is Being Hacked at an Unprecedented Scale