On the night of September 11, the infrastructure of the electronic signature issuance center, the UTS “Osnovanie”, which includes JSC “Analytical Center” and JSC “Unified Portal EP”, was subjected to a cyber attack, as a result of which the companies’ websites became inaccessible, and the process of issuing EPs ceased, writes “Kommersant” with reference to the center’s statement. At the moment, the sites uc-osnovanie.ru and iecp.ru are still unavailable.
The letter published by the company states that “the issuance of new certificates of electronic signature verification keys is currently suspended, an audit of the incident is being conducted jointly with the NKTsKI (the National Coordination Center for Computer Incidents subordinate to the FSB), and work is underway to restore the functionality of the certification center.” The resumption of issuing certificates was scheduled for September 12, but so far there has been no progress.
The letter notes that JSC Analytical Center does not store keys for electronic signatures, so the attack on its information resources could not affect or compromise the electronic signatures of clients. “The infrastructure associated with the CA hardware and software complex was not damaged, there is no talk of keys being compromised, and those who already have an electronic signature do not need to issue a new certificate,” CA Commercial Director Alexey Senchenkov confirmed to Kommersant.
The attack was reportedly carried out using the defacement method (substitution of a text or image on a website) — the organization’s websites (uc-osnovanie.ru and iecp.ru) were posted with the words “Your certificates are in safe hands” and an announcement that the certificates would subsequently be sold. According to Senchenkov, the attack was carried out from resources in the US, the Netherlands, and Estonia.
As noted by the head of the cybersecurity department of the Security Code, Alexey Korobchenko, organizations such as the Foundation Training Center have a layered cybersecurity system, including segmentation of the internal corporate network, multi-factor authentication, etc. This is quite sufficient to ensure reliable data protection.
At the same time, Denis Bandaletov, head of the network technology department at Angara Security, warned of possible problems with CRLs — lists of “revoked certificates” used by the authenticating resource to check the legitimacy of the user connecting via the EP. If they are unavailable, it is impossible to authenticate on any resource. “Also, the unavailability of CRLs will cause the inoperability of related resources that checked authentication certificates on these portals,” the expert said.
If you notice an error, select it with your mouse and press CTRL+ENTER.