The websites of the center for issuing electronic signatures of the Foundation Center have come under attack and are now unavailable

On the night of September 11, the infrastructure of the center for issuing electronic signatures of the Osnovaniye UC, which includes JSC Analytical Center and JSC Unified ES Portal, was subject to a cyber attack, as a result of which the company’s websites became unavailable, and the process of issuing ES stopped, writes Kommersant “with reference to the center’s statement. At the moment, the sites uc-osnovanie.ru and iecp.ru are still unavailable.

Image source: TheDigitalArtist/Pixabay

The letter published by the company states that “currently, the issuance of new certificates for electronic signature verification keys has been suspended; together with the National Coordination Center for Computer Incidents subordinate to the FSB, an audit of the incident is being conducted, and work is underway to restore the functionality of the certification center.” The resumption of issuing certificates was scheduled for September 12, but so far no progress has been observed.

The letter noted that Analytical Center JSC does not store electronic signature keys, so an attack on its information resources could not affect or compromise clients’ electronic signatures. “The infrastructure associated with the software and hardware complex of the CA was not damaged, it is impossible to talk about compromising the keys, and those who already have an electronic signature do not need to issue a new certificate,” commercial director of the CA Alexey Senchenkov confirmed to Kommersant.

Reportedly, the attack was carried out using the defacement method (substituting an inscription or picture on the website) – on the organization’s websites (uc-osnovanie.ru and iecp.ru) the inscriptions “Your certificates are in good hands” were posted, as well as an announcement that the certificates will subsequently be sold. According to Senchenkov, the attack was carried out from resources in the USA, the Netherlands and Estonia.

As Alexey Korobchenko, head of the cybersecurity department of the Security Code, noted, organizations such as Osnovanie UC have a layered cybersecurity system, including segmentation of the internal corporate network, multi-factor authentication, etc. This is quite enough to ensure reliable data protection.

At the same time, the head of the network technologies department at Angara Security, Denis Bandaletov, warned about possible problems with CRLs – lists of “revoked certificates”, with the help of which the authenticating resource verifies the legitimacy of the connecting user through an electronic signature. If they are unavailable, it is impossible to authenticate on any resource. “Also, the unavailability of the CRL will cause the inoperability of related resources that checked authentication certificates on these portals,” the expert said.

admin

Share
Published by
admin

Recent Posts

A demo of Dispatch, a comedy game about a superhero agency from the former developers of Tales from the Borderlands and The Wolf Among Us, has been released on Steam

Developers from the American AdHoc Studio, founded by former Telltale Games, Ubisoft and Night School…

4 hours ago

Digma DP-FHD800A LCD Full HD Projector Review: A Modern Approach

When you think about a home theater, you immediately imagine bulky projectors with a bunch…

4 hours ago

Lian Li Introduces HydroShift II LCD-C Liquid Cooling System with 360mm Radiator and Three Configurations

Lian Li has introduced a series of maintenance-free liquid cooling systems HydroShift II LCD-C. It…

4 hours ago

Apple: App Store App Developers to Earn $406 Billion in 2024

Amid mounting pressure from U.S. regulators, Apple has released the results of an independent study…

4 hours ago

ASRock Admits Its Motherboards Break Ryzen 9000 Processors

Following a report from YouTube channel Tech Yes City that ASRock linked Ryzen 9000 processor…

4 hours ago

Apple to Change OS Numbering: iOS 26 to Come This Year Instead of iOS 19

Apple is preparing a large-scale rebranding of its line of operating systems. This was reported…

1 day ago