The websites of the center for issuing electronic signatures of the Foundation Center have come under attack and are now unavailable

On the night of September 11, the infrastructure of the center for issuing electronic signatures of the Osnovaniye UC, which includes JSC Analytical Center and JSC Unified ES Portal, was subject to a cyber attack, as a result of which the company’s websites became unavailable, and the process of issuing ES stopped, writes Kommersant “with reference to the center’s statement. At the moment, the sites uc-osnovanie.ru and iecp.ru are still unavailable.

Image source: TheDigitalArtist/Pixabay

The letter published by the company states that “currently, the issuance of new certificates for electronic signature verification keys has been suspended; together with the National Coordination Center for Computer Incidents subordinate to the FSB, an audit of the incident is being conducted, and work is underway to restore the functionality of the certification center.” The resumption of issuing certificates was scheduled for September 12, but so far no progress has been observed.

The letter noted that Analytical Center JSC does not store electronic signature keys, so an attack on its information resources could not affect or compromise clients’ electronic signatures. “The infrastructure associated with the software and hardware complex of the CA was not damaged, it is impossible to talk about compromising the keys, and those who already have an electronic signature do not need to issue a new certificate,” commercial director of the CA Alexey Senchenkov confirmed to Kommersant.

Reportedly, the attack was carried out using the defacement method (substituting an inscription or picture on the website) – on the organization’s websites (uc-osnovanie.ru and iecp.ru) the inscriptions “Your certificates are in good hands” were posted, as well as an announcement that the certificates will subsequently be sold. According to Senchenkov, the attack was carried out from resources in the USA, the Netherlands and Estonia.

As Alexey Korobchenko, head of the cybersecurity department of the Security Code, noted, organizations such as Osnovanie UC have a layered cybersecurity system, including segmentation of the internal corporate network, multi-factor authentication, etc. This is quite enough to ensure reliable data protection.

At the same time, the head of the network technologies department at Angara Security, Denis Bandaletov, warned about possible problems with CRLs – lists of “revoked certificates”, with the help of which the authenticating resource verifies the legitimacy of the connecting user through an electronic signature. If they are unavailable, it is impossible to authenticate on any resource. “Also, the unavailability of the CRL will cause the inoperability of related resources that checked authentication certificates on these portals,” the expert said.

admin

Share
Published by
admin

Recent Posts

World’s Richest Lose $208 Billion in One Day Due to New US Tariffs

What kind of shocks the new US tariff policy will cause to the global economy…

5 hours ago

Cyclotech flies agile flying car with rotor ‘barrels’ instead of propellers for the first time

Austrian company Cyclotech has prepared a prototype of a flying car with unusual engines for…

5 hours ago

“I’m going to cry tears of happiness”: Apex Legends dataminers claim that Titanfall 3 is alive and will be released in 2026

Fans of Respawn Entertainment's sci-fi shooters Titanfall have already come to terms with the fact…

6 hours ago

SpaceX to Launch Starship for the First Time on Used Super Heavy Booster

On April 3, 2025, SpaceX conducted a static fire test of the Super Heavy booster,…

6 hours ago

Windows 11 Will Soon Get a Redesigned Start Menu That Can Be Customized

According to online sources, Microsoft is working on a major update to the Windows 11…

6 hours ago