РНБОУ National Security and Defense Council of Ukraine

The NCCC at the NSDC of Ukraine has updated information on cyberattacks on the document management system of state bodies

The National Coordination Center for Cybersecurity at the National Security and Defense Council of Ukraine has obtained additional data on the cyberattacks using document management systems that were reported on February 24 of this year. These attacks were carried out through the electronic document management system ASKOD.

Additional indicators

Domains

IP addresses

188.225.37.128

The cyberattack can be linked to one of Russia's hacker spy groups, Pterodo/Gamaredon. Given this, the NCCC recommends, where possible, blocking on firewalls and monitoring the following ranges of IP addresses commonly used by this group:

As reported previously, the NCCC at the NSDC of Ukraine warns of a cyberattack on the document management system of state bodies.

The purpose of the attack was the mass infection of the information resources of public authorities, since this system is used for document circulation in most public authorities.
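
Address ranges published in "first - last" notation, as in the NCCC recommendation above, usually have to be converted to CIDR blocks before a firewall or log query can use them. The following Python is an added example, not part of the NCCC notice: the sample ranges and log lines are constructed from RFC 5737 documentation addresses, and the log format (timestamp, host, destination IP) and function names are assumptions.

```python
import ipaddress

# Constructed sample in the advisory's "first - last" notation, using
# RFC 5737 documentation addresses rather than real indicators.
SAMPLE_RANGES = """\
192.0.2.0 - 192.0.2.255
198.51.100.0 - 198.51.103.255
203.0.113.16 - 203.0.113.40
"""

# Constructed log lines; assumed format: timestamp, host, destination IP.
SAMPLE_LOG = """\
2021-03-01T09:12:44Z ws-017 198.51.102.9
2021-03-01T09:12:51Z ws-017 203.0.113.41
2021-03-01T09:13:02Z dc-01 203.0.113.16
2021-03-01T09:13:30Z ws-022 not-an-ip
"""


def parse_ranges(text):
    """Convert 'first - last' lines into a minimal, sorted list of CIDR blocks."""
    networks = []
    for line in text.splitlines():
        if not line.strip():
            continue
        first, _, last = (part.strip() for part in line.partition("-"))
        # ip_address() raises ValueError on a malformed or missing endpoint,
        # so a damaged line fails loudly instead of being silently skipped.
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        # A range that is not bit-aligned expands into several CIDR blocks.
        networks.extend(ipaddress.summarize_address_range(lo, hi))
    # Merge adjacent or overlapping blocks (two neighbouring /24s become a /23).
    return list(ipaddress.collapse_addresses(networks))


def find_hits(log_text, networks):
    """Return (timestamp, host, ip, matched_block) for log lines in a range."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        try:
            dst = ipaddress.ip_address(fields[2])
        except (IndexError, ValueError):
            continue  # unparsable log line: not a match
        net = next((n for n in networks if dst in n), None)
        if net is not None:
            hits.append((fields[0], fields[1], str(dst), str(net)))
    return hits
```

The CIDR strings returned by `parse_ranges` can be fed to a firewall block list, and `find_hits` gives a quick retrospective check of existing connection logs against the same list.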