Pro-Ukraine hackers claim attack on agency that certifies digital signatures in Russia
The Russian federal organization that certifies digital signatures used by local businesses and individuals is still recovering from a cyberattack that disrupted its services last week.
The hackers claimed to compromise the infrastructure of the agency, known as Osnovanie ("Foundation" in Russian), and defaced its websites, leaving a message that said:
"Your certificates are in safe hands. The proceeds from the sale of your data will be used to support the needs of the Ukrainian armed forces.”
The attackers did not identify themselves, but Ukraine’s military intelligence agency, HUR, claimed responsibility at the end of the week.
The Osnovanie website, allegedly defaced by pro-Ukraine hackers. Image: Ukraine HUR / Telegram
Osnovanie said in a statement last week that the attack only affected the operation of its websites, and that the system for verifying digital signatures was not compromised.
The agency operates across 60 regions in Russia and is accredited by local digital authorities and security services to manage a system of digital signatures that companies and individuals use for business documents, tax filings and other tasks. The page displayed by the hackers showed photos of passports potentially used as part of the signature certification process.
Osnovanie said it had suspended its operation while the investigation into the attack is ongoing. It had promised to resume its work September 12 after “changing security policies, access rights, and account settings.”
However, as of Tuesday, the agency’s websites were still unavailable, and Russian users complained that they could not use Osnovanie’s services. The agency said on its Telegram channel on Tuesday that it is planning to provide more information “in the near future,” without providing further details.
HUR said that it carried out the operation in cooperation with hackers who call themselves “BO Team.”
Previously, HUR said it worked with the group to attack a Russian scientific research center and the online services of Russia's ruling party.
HUR said that the hackers destroyed “terabytes of important data on the company's servers, as well as a database containing 1.5 million electronic digital signatures.” The attackers “intend to put the array of obtained data up for sale,” HUR added.
The hackers’ claims couldn’t be verified. Osnovanie said that the “reports of key compromise are not true” because the cryptographic keys used to create electronic signatures are isolated from both external and internal networks.
“Private keys are stored by users individually on certified storage devices, and only the key and certificate owner has physical access to these devices,” the agency said.
Its commercial director, Alexey Senchenkov, said in a comment to Russian media Kommersant that the attack on Osnovanie originated from servers located in the U.S, the Netherlands and Estonia. The company hasn’t publicly attributed the attack to Ukraine.
Local cyber experts told Russian media that the disruption of Osnovanie’s services could prevent users from being able to authenticate on any platform.
The disruption of Osnovanie’s operation is a rare example of the attack claimed by Ukraine’s military intelligence that had a visible impact on the targeted victim. Ukrainian military hackers frequently announce attacks on Russian targets, which are hard to verify due to the lack of evidence or official statements from Russia.
Earlier in 2022, Osnovanie, as well as other Russian organizations that issue digital signatures, were reportedly targeted by a distributed denial-of-service attack (DDoS) claimed by another hacker group, IT Army of Ukraine.
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.