Russian hackers DDoS Germany for helping Ukraine • The Register
In brief: Russian hackers have once again shown how quickly cyberattacks can be used to respond to global events, with a series of DDoS attacks on German infrastructure and government websites in response to the country’s plan to send tanks to Ukraine.
The effort, according to Germany’s cyber security agency, BSI, was largely in vain. “Currently, some websites are not available. There are currently no indications of direct effects on the respective services and, in BSI’s assessment, these are not expected,” BSI declared.
Germany announced on Wednesday the transfer of 14 Leopard 2 A6 tanks to Ukraine, and the United States said it would send 31 M1 Abrams tanks to the beleaguered nation. Germany is said to have refused to send tanks without the US making a similar offer, hoping it would deflect a Russian response.
Cyber security firm Cado Security said it detected chatter on Russian-language Telegram channels belonging to the hacker group Killnet calling on other hackers to join forces to attack Germany. Killnet previously attempted to DDoS the US Treasury Department, with little effect.
Groups claiming to be Anonymous Russia and Anonymous Sudan claimed to have DDoSed websites belonging to several German airports, the German Foreign Intelligence Service and the German Cabinet.
Cado said its researchers also saw reports of attacks against financial institutions, German customs and law enforcement agencies – although it said several of the websites the attackers claimed to take down remained accessible.
“Most appeared to have been restored quickly and were available at the time of writing,” Cado reported. It is unclear whether the groups launched any attacks against US interests in response to the tank deal, but governments – even those not directly involved – remain on high alert for wider attacks by Russia in retaliation.
The Kremlin has denied any knowledge of “what Killnet is.”
Pay us or we’ll start a source code Riot
Riot Games, producer of popular titles such as League of Legends and Teamfight Tactics, announced that hackers who stole some of its source code have demanded a ransom to prevent it from being leaked online. It also said that it will not pay.
Riot wrote in a Twitter thread last week that its development environment had been hacked – an attack severe enough to affect patch cadence and content releases. After a weekend of investigation, Riot said it had confirmed that the source code for the aforementioned games “and a legacy anticheat platform” had been exfiltrated.
Riot said no player information was compromised, but admitted that experimental features and new game modes would be revealed once the hackers published the stolen code.
“Any exposure of source code can increase the likelihood of new cheats appearing. Since the attack, we’ve been working to assess the impact on anticheat and to be prepared to deploy fixes as quickly as possible if necessary,” Riot assured users.
Riot claimed it expected to have the systems repaired “later this week”, although it has not published an update on the issue since Tuesday. The developer said regular updates will resume shortly, and that it will soon release a full report on the attack, “the areas where Riot’s security controls failed, and the steps we’re taking to ensure this doesn’t happen again.”
Also leaking this week: Russia’s Google, Yandex
About 44 gigabytes of data was posted to BreachForums earlier this week, with the poster claiming it is the source code for a number of Yandex software products. According to a software engineer who reviewed the files, that appears to be the case.
Software developer Arseniy Shestakov published the results of “my friend” looking at the leaked code (sure, Arseniy) which he said appears to date to February 24, 2022, and is mostly just code without pre-built binaries.
Still, Shestakov said it included the source code for Yandex services, including the search engine and indexing bot, the map service, the AI assistant Alice, an Uber-like taxi service, e-mail, cloud storage, e-commerce marketplace and more.
Shestakov said that he has never worked at Yandex, but knows several people who have, and still do. “I confirmed that at least some of [the] archives are guaranteed to contain modern source code for enterprise services as well as documentation pointing to real intranet URLs,” Shestakov said.
In an email, Yandex representatives admitted to The Register that some internal code had been exposed but said the company had not been hacked. “Our security team found code fragments from an internal archive in the public domain, but the content is outdated and differs from the current version of the company’s archive. We are still investigating the issue,” Yandex told us.
The company has said elsewhere that a former employee was behind the code exposure.
In light of sanctions targeting Russian companies for the country’s illegal invasion of Ukraine, Yandex has been moving elsewhere and selling its Russian assets. Since the announcement of the plans, a Putin ally and former head of Russia’s Audit Chamber has joined the company to help with the move – hopefully for its sake not out a window. ®