On the night of September 11, the infrastructure of the center for issuing electronic signatures of the Osnovaniye UC, which includes JSC Analytical Center and JSC Unified ES Portal, was subject to a cyber attack, as a result of which the company’s websites became unavailable, and the process of issuing ES stopped, writes Kommersant “with reference to the center’s statement. At the moment, the sites uc-osnovanie.ru and iecp.ru are still unavailable.
The letter published by the company states that “currently, the issuance of new certificates for electronic signature verification keys has been suspended; together with the National Coordination Center for Computer Incidents subordinate to the FSB, an audit of the incident is being conducted, and work is underway to restore the functionality of the certification center.” The resumption of issuing certificates was scheduled for September 12, but so far no progress has been observed.
The letter noted that Analytical Center JSC does not store electronic signature keys, so an attack on its information resources could not affect or compromise clients’ electronic signatures. “The infrastructure associated with the software and hardware complex of the CA was not damaged, it is impossible to talk about compromising the keys, and those who already have an electronic signature do not need to issue a new certificate,” commercial director of the CA Alexey Senchenkov confirmed to Kommersant.
Reportedly, the attack was carried out using the defacement method (substituting an inscription or picture on the website) – on the organization’s websites (uc-osnovanie.ru and iecp.ru) the inscriptions “Your certificates are in good hands” were posted, as well as an announcement that the certificates will subsequently be sold. According to Senchenkov, the attack was carried out from resources in the USA, the Netherlands and Estonia.
As Alexey Korobchenko, head of the cybersecurity department of the Security Code, noted, organizations such as Osnovanie UC have a layered cybersecurity system, including segmentation of the internal corporate network, multi-factor authentication, etc. This is quite enough to ensure reliable data protection.
At the same time, the head of the network technologies department at Angara Security, Denis Bandaletov, warned about possible problems with CRLs – lists of “revoked certificates”, with the help of which the authenticating resource verifies the legitimacy of the connecting user through an electronic signature. If they are unavailable, it is impossible to authenticate on any resource. “Also, the unavailability of the CRL will cause the inoperability of related resources that checked authentication certificates on these portals,” the expert said.