The NCCC at the NSDC of Ukraine has updated information on cyberattacks on the document management system of state bodies
The National Coordination Center for Cybersecurity at the National Security and Defense Council of Ukraine has identified additional data on the cyberattacks using document management systems that were reported on February 24 this year. These attacks were carried out through the electronic document management system ASKOD.
Additional indicators
Domains
IP addresses
188.225.37.128
The cyberattack can be linked to Pterodo/Gamaredon, one of Russia's hacker spy groups. Given this, the NCCC recommends that, where possible, organizations block on their firewalls and monitor the following ranges of IP addresses commonly used by this group:
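Firewalls and log queries usually expect CIDR prefixes, while this advisory gives ranges as `first address - last address`. The following added example (not part of the NCCC notice) converts that notation to CIDR blocks and flags matching destinations in a connection log; the function names, the three-field log format and all sample ranges and log lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed ranges in "first - last" notation (documentation/private
# address space, not indicators taken from the advisory).
SAMPLE_RANGES = """\
192.0.2.0 - 192.0.2.255
10.20.4.0 - 10.20.7.255
203.0.113.16 - 203.0.113.40
"""

# Constructed connection log: timestamp, source host, destination IP.
SAMPLE_LOG = """\
2024-05-06T09:14:02Z ws-017 10.20.6.9
2024-05-06T09:14:07Z ws-017 198.51.100.7
2024-05-06T09:15:40Z srv-doc01 203.0.113.41
2024-05-06T09:16:11Z srv-doc01 203.0.113.40
2024-05-06T09:17:00Z ws-022 not-an-ip
"""

RANGE_RE = re.compile(r"^\s*([0-9.]+)\s*-\s*([0-9.]+)\s*$")

def ranges_to_cidrs(text):
    """Turn 'first - last' lines into a sorted, minimal list of IPv4 networks."""
    nets = []
    for line in text.splitlines():
        m = RANGE_RE.match(line)
        if not m:
            continue  # headings, blank lines, anything not in range notation
        first, last = (ipaddress.IPv4Address(x) for x in m.groups())
        # A range that is not bit-aligned expands to several prefixes;
        # a reversed range raises ValueError rather than being guessed at.
        nets.extend(ipaddress.summarize_address_range(first, last))
    return list(ipaddress.collapse_addresses(nets))

def flag_connections(log_text, nets):
    """Return (timestamp, host, destination) for destinations inside nets."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        try:
            dst = ipaddress.IPv4Address(fields[2])
        except ValueError:
            continue  # malformed destination field: skip, do not abort the scan
        if any(dst in net for net in nets):
            hits.append((fields[0], fields[1], str(dst)))
    return hits
```

The CIDR list returned by `ranges_to_cidrs` can be loaded into a firewall deny list, and the same list drives `flag_connections` for retrospective review of proxy or NetFlow exports.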
As reported previously, the NCCC at the NSDC of Ukraine warns of a cyberattack on the document management system of state bodies.
The purpose of the attack was the mass contamination of information resources of public authorities, as this system is used for the circulation of documents in most public authorities.