The websites of the center for issuing electronic signatures of the Foundation Center have come under attack and are now unavailable

On the night of September 11, the infrastructure of the center for issuing electronic signatures of the Osnovaniye UC, which includes JSC Analytical Center and JSC Unified ES Portal, was subject to a cyber attack, as a result of which the company’s websites became unavailable, and the process of issuing ES stopped, writes Kommersant “with reference to the center’s statement. At the moment, the sites uc-osnovanie.ru and iecp.ru are still unavailable.

Image source: TheDigitalArtist/Pixabay

The letter published by the company states that “currently, the issuance of new certificates for electronic signature verification keys has been suspended; together with the National Coordination Center for Computer Incidents subordinate to the FSB, an audit of the incident is being conducted, and work is underway to restore the functionality of the certification center.” The resumption of issuing certificates was scheduled for September 12, but so far no progress has been observed.

The letter noted that Analytical Center JSC does not store electronic signature keys, so an attack on its information resources could not affect or compromise clients’ electronic signatures. “The infrastructure associated with the software and hardware complex of the CA was not damaged, it is impossible to talk about compromising the keys, and those who already have an electronic signature do not need to issue a new certificate,” commercial director of the CA Alexey Senchenkov confirmed to Kommersant.

Reportedly, the attack was carried out using the defacement method (substituting an inscription or picture on the website) – on the organization’s websites (uc-osnovanie.ru and iecp.ru) the inscriptions “Your certificates are in good hands” were posted, as well as an announcement that the certificates will subsequently be sold. According to Senchenkov, the attack was carried out from resources in the USA, the Netherlands and Estonia.

As Alexey Korobchenko, head of the cybersecurity department of the Security Code, noted, organizations such as Osnovanie UC have a layered cybersecurity system, including segmentation of the internal corporate network, multi-factor authentication, etc. This is quite enough to ensure reliable data protection.

At the same time, the head of the network technologies department at Angara Security, Denis Bandaletov, warned about possible problems with CRLs – lists of “revoked certificates”, with the help of which the authenticating resource verifies the legitimacy of the connecting user through an electronic signature. If they are unavailable, it is impossible to authenticate on any resource. “Also, the unavailability of the CRL will cause the inoperability of related resources that checked authentication certificates on these portals,” the expert said.

admin

Share
Published by
admin

Recent Posts

FTC’s ‘One-Click Unsubscribe’ Rule Delayed Again, But Not for Long

The US Federal Trade Commission (FTC) has delayed a rule that would require companies to…

12 hours ago

KIBORG: left – crown, right – augmented. Review

Played on PC Developers from Sobaka Studio have built a reputation for themselves as authors…

14 hours ago

A simple and reliable speedometer for satellites has been invented in the USA

Satellites move in orbit at speeds of thousands of kilometers per hour, and without precise…

18 hours ago

Schoolchildren are starting to stick metal objects into Chromebook ports en masse for TikTok likes

A dangerous new TikTok challenge has gone viral in which American schoolchildren are deliberately damaging…

18 hours ago

Apple is developing powerful Baltra processors for AI servers, as well as consumer M5, M6 and M7

Apple is developing processors for data centers that will serve requests from Apple Intelligence artificial…

19 hours ago

Despelote — goo-o-o-o-o-o-o-o-o-o-ol! Review

One of my first memories (or perhaps the very first one – is it possible…

2 days ago