Roskomnadzor demanded that VPN services connect to the register of prohibited sites

Roskomnadzor for the first time demanded that the owners of VPN services connect to the register of banned sites in Russia. According to the law, VPN providers and Anonymizers connected to it are obliged to filter traffic.

The requirements for connecting to the State Information System (FGIS) were sent to the operators of 10 VPN services NordVPN, Hide My Ass!, Hola VPN, OpenVPN, VyprVPN, ExpressVPN, TorGuard, IPVanish, Kaspersky Secure Connection and VPN Unlimited.

FGIS contains a single register of banned Internet resources in the Russian Federation. According to the law, VPN services and Anonymizers are obliged to restrict access to Internet resources prohibited in Russia. So, services are required to connect to this system to gain access to the registry.

According to the current legislation, VPN services are required to connect to FGIS within 30 working days from the date of sending the requirements. Otherwise, FGIS may decide to restrict access to the VPN service.

It turned out that Roskomnadzor demanded to connect to the FGIS after receiving approval from the Federal Security Service.

It's important to note that the search engines operators Yandex, Mail.ru, Sputnik, Rambler are currently connected to FGIS. At the beginning of 2019 Roskomnadzor fined the company Google for 500 thousand rubles for non-execution of requirements about connecting to FGIS.

QR-codes on historical buildings of Russian city Astrakhan that led to Adult sites have been removed


Hacker reportedly changed website location of the QR-codes on historical buildings of Russian city Astrakhan and replaced them with adult website link. There was no technical detail provided how hacker was able to change the location of QR code.

When residents and guests of the city scanned QR-codes, their phones opened resources for adults, instead of sites with historical references.

Galina Goteeva, the Minister of Culture and Tourism of the region, said on March 15 that the signs with QR codes on the historical buildings of Astrakhan were changed.

QR-codes on historically significant buildings of Astrakhan were placed a few years ago. It was assumed that people can get a historical reference about the building after scanning the code with a mobile phone. Already in November last year, the Media reported about QR codes leading to porn sites and dating sites for quick sex.

In fact, the Regional Ministry of Culture for a long time struggled with the elimination of porn content, the signs were removed with great difficulty. And only at the end of the year sex traffic was stopped completely.

However, it is still a mystery why the signs with QR-codes hung for so long and why they were not promptly replaced. In total, there are at least 15 signs. QR-codes stopped working more than a year ago, but officials did not pay any attention to it: first, the pages gave an error, and later they began to lead to porn sites.

Hackers used the Roskomnadzor registry for attacks on Yandex


 Yandex and several other major Russian resources a few days ago were subjected to a powerful DNS-attack. The attackers used vulnerabilities in the system of blocking sites.

"Any company and any website can suffer from such actions, " said a representative of the Press Service of Yandex.

The reason for the attack was a discovered vulnerability in the blocking system of Roskomnadzor websites. The criminals carried out the attack using DNS by changing the entries in the domain name system. They linked the addresses of new attacked sites with already blocked domains. So they managed to restrict access to the pages.

As a result, some user services were extremely slow. This was due to the fact that many operators carried out all traffic to these pages through a system of the Deep Packet Inspection — DPI.

The blocking of IP-addresses of the company Yandex was avoided, as the employees of the organization successfully repelled the attack for several days. The publication suggested that the hacker attack could be associated with the adoption of the law on the sustainability of the Runet: the problems were fixed during the rally.

The vulnerability exploited by the attackers has been known since 2017.

*Russian Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (Roskomnadzor)

Hackers Using Smart Devices to Launch Phishing Attack against Russian Business


Cybersecurity experts recorded a unique mass attack on Russian business. It is unique because hackers disguised themselves as well-known brands and used smart devices. This is the first mass attack of this kind.

Hackers presented themselves as representatives of famous brands, including retail chains, construction and oil companies. They sent e-mails with malicious software, in particular, on behalf of the Auchan hypermarket chain, or on behalf of the transnational energy Corporation Gazprom, qualitatively copying their style.

The e-mails contained the encryption virus Shade/Troldesh, it encoded files on users devices and demanded from them a fee for access to them.

Vladimir Dryukov, Director of the Solar JSOC Cyber Attack Monitoring and Response Center, noted that the intensity of this phishing mailing is several times higher than usual. According to him, the attack affected about 50 largest companies in Russia, whose employees received 10-50 letters a day. Group-IB experts recorded up to 2000 mailings per day.

The main feature of these attacks is the use of smart devices, for example, hacked routers around the world, as they are much more difficult to track. In addition, virus emails can be sent from any device that is capable of it, for example, modems, ecosystems of smart homes, network storage. Experts believe that in the future the number of hacker attacks using them will only grow.

"Usually IOT devices are used for DDoS attacks. Sending phishing emails from routers is still exotic, " said Vladimir Dryukov.

It is worth noting that the attacks on Russian companies began in November, but their peak came in February. Which companies were attacked and how much damage was caused to them is not disclosed.

The Kremlin told about hacker attacks on the website of the President of Russia



Foreign hackers are constantly attacking the website of Russian President Vladimir Putin. Intelligence agencies record a large number of attacks from Europe and the United States said the Kremlin.

As the Press Secretary of the Russian leader, Dmitry Peskov, noted, Western countries like to talk about" Russian hackers", but foreign partners themselves are waging an information war against Russia.

"A huge number of cyber attacks on Russian organizations, individuals and legal entities are constantly organized from the territory of the United States," he said.

According to him, hackers from Europe and North America regularly try to commit hacks. He noted that a new draft law on Autonomous RUnet is aimed at countering this.

The draft law on the Autonomous operation of the Russian Internet segment, if it is disconnected from the global network infrastructure, was submitted to the State Duma on December 14, 2018. The document is aimed at protecting the stable operation of the Internet in Russia in case of external threats. The bill defines the necessary traffic routing rules and organizes the control of their compliance.

The Consular Department of the Russian Embassy in Austria was attacked by hackers.

The Russian Embassy in Austria reported a recorded hacker attack aimed at creating obstacles the normal operation of the Consular Department of the Diplomatic Mission.

The Embassy explained that since the beginning of 2019, employees of the Department began to notice a systematic non-appearance of a large number of applicants who registered on the website through the electronic queue system. Also, citizens began to complain that the appointment was only possible in the months in advance. It is noted that since the beginning of 2019, some days no one who registered for an appointment came to the reception.

"Special technical services, at our request, checked the situation for possible manipulation of information networks from outside, as a result, more than 300 applications were found, processed in an automated mode from IP addresses from Iraq, Thailand, Indonesia and several other countries," said the representative of the Embassy.

According to the Diplomatic Mission, it was decided to remove these applications and block their sources and to date, the percentage of absenteeism of the applicants returned to the usual numbers.

Dmitry Lubinsky, Russian Ambassador to Austria, stressed that it was malicious actions aimed at the actual sabotage of the Consular Department of the Embassy. It is impossible to exclude repeated attacks, but they will closely monitor the situation in the interests of visitors.

Scammers disguise themselves as divisions of the Central Bank of Russia


Cyber Criminals performed a large-scale attack on Russian banks in late 2018, they managed to steal $ 20 million.

The attackers disguised themselves as divisions of the Central Bank FinCERT and Alfacapital. It is known that the attacks were carried out by hacker groups Silence and Cobalt, who had previously organized cybercrime. Also along with them operated a new hacker group, which had not been seen before.

The scheme of crimes was the same: the scammers on behalf of the FinCERT division of the Central Bank sent out malicious documents with macros. In addition, a compromised account of an employee of the company Alfacapital was used.

Representatives of many banks confirm the frequent attacks. The criminals tried to penetrate the infrastructure of the financial organization for the withdrawal of money.

The IT-company Positive Technologies conducted their own statistics and found that over 201 million people suffered from such attacks in 2018.

Moreover, banking infrastructure was attacked in 78% of cases, web resources - 13 %, ATMs and POS-terminals - 9 %, personal data - 39% , credential theft , card information, trade secret - 5%, personal correspondence and other information - 8%.

In addition, on February 18, Kaspersky Lab recorded an increase in attacks by Buhtrap and RTM banking Trojans in Russia. At the end of last year, experts recorded an increase in the activity of the banking Trojan RTM 50 times, compared to 2017.

A massive hacking incident occurred in the Russian social network Vkontakte


On Thursday, February 14, the work of the major Russian social network Vkontakte failed. In VK groups appeared the same link to the post, which was reported that users will now see ads in private messages.

Soon the administrators of the social network reacted and stopped the failure. The vulnerability was completely closed for 20 minutes. Subsequently, representatives of VK apologized for the inconvenience. At the moment, the work of the social network is fully normalized.

After some time, it turned out that the massive hacking was done by hackers who for a year tested the social network for various vulnerabilities and identified the bug. However, the administration of VK has not paid them a reward for finding and eliminating vulnerabilities in the code.

According to them, they did not purposefully report the only error in the code that they used to remind themselves. However, they noted that they did not harm users.

An interesting fact is that the Russian State Duma demanded an investigation of the incident. Alexei Zhuravlev, State Duma Deputy, said that it could be the intervention of the United States or Britain. At the moment, these publications are removed from the network.


Russia asked Georgia to extradite hacker Sumbaev


It became known that on November 26 the Prosecutor General's Office of Russia sent an official request for the extradition of Yaroslav Sumbaev, who was detained in Tbilisi.

As a reminder, Yaroslav Sumbaev is the head of the hacker group, consisting of 29 people, earned 258 thousand dollars on fictitious refunds of tickets of Russian Railways and S7 airlines in 2013-2014. The case of hacker group was conducted by Evgenija Shishkina, the senior investigator of the Ministry of Internal Affairs, who was shot on October 10.

Georgian police detained Sumbaev on November 5, as a result of a special operation. He was accused of illegally acquiring firearms and using a fake passport.

The Prosecutor General's Office of Russia guarantees that Sumbaev will be prosecuted only for those crimes for which his extradition is requested: the creation of a criminal community, theft committed by a group of persons.

However, according to a secret source, the Russian hacker will be interrogated in the case of the murder of the investigator Shishkina. The lawyer of Sumbaev said that his client partially admitted the allegations of cybercrime, however, categorically denied any involvement in the murder of the investigator.

The Prosecutor General's Office was unable to comment on Sumbayev’s extradition request.

It is interesting to note that the Ukrainian hacker Yuri Lysenko, accused of stealing more than a billion rubles (15.15 million $) from commercial Banks in Russia, was sentenced to 13 years in a maximum-security colony.