Gee, tanks: Russian hackers DDoS Germany for aiding Ukraine
Also: a week of leaks; Riot Games says 'LoL' to source code ransom demands; and Yandex source also appears online
In brief: Russian hackers have proved yet again how quickly cyber attacks can be used to respond to global events, with a series of DDoS attacks on German infrastructure and government websites in response to the country's plan to send tanks to Ukraine.
The efforts, according to Germany's cyber security agency, the BSI, were largely in vain. "Currently, some websites are not accessible. There are currently no indications of direct effects on the respective services and, according to the BSI's assessment, these are not to be expected," the BSI declared.
Germany announced the transfer of 14 Leopard 2 A6 tanks to Ukraine on Wednesday, alongside the US, which said it would send 31 M1 Abrams tanks to the besieged nation. Germany reportedly refused to send tanks without the US making a similar offer, in hopes that might head off a Russian response.
Cyber security firm Cado Security said it spotted chatter on Russian-language Telegram channels belonging to hacking group Killnet, urging other hackers to unite to attack Germany. Killnet previously attempted to DDoS the US Treasury, to little effect.
Groups claiming to be Anonymous Russia and Anonymous Sudan claimed to have DDoSed websites belonging to several German airports, the German foreign intelligence service and the German cabinet.
Cado said its researchers also saw reports of attacks against financial institutions, the German customs service and law enforcement agencies – though it said several of the websites the attackers claimed to take down remained reachable.
"Most seemed to have been restored quickly and were accessible at the time of writing," Cado reported. It's unclear if the groups launched any attacks against US interests in response to the tank trade, but governments – even those not directly involved – are still on high alert for wider attacks by Russia in retaliation.
The Kremlin has denied any knowledge of "what Killnet is."
Pay us or we start a source code Riot
Riot Games, maker of popular titles like League of Legends and Teamfight Tactics, announced that hackers who stole some of its source code have demanded a ransom to keep it from being leaked online. It also said it won't pay.
Riot wrote in a Twitter thread that its development environment was hacked last week – attacks severe enough to affect patch cadence and content releases. After a weekend of investigation, Riot said it confirmed that the source code for the aforementioned games "and a legacy anticheat platform" had been exfiltrated.
Riot said no player information was compromised, but admitted that experimental features and new game modes would be exposed once the hackers published the stolen code.
"Any exposure of source code can increase the likelihood of new cheats emerging. Since the attack, we've been working to assess its impact on anticheat and to be prepared to deploy fixes as quickly as possible if needed," Riot assured users.
Riot claimed it expected to have its systems repaired "later in the week," though it hasn't published an update on the issue since Tuesday. The developer said regular patches would resume shortly, and that it would soon release a full report on the attack, "the areas where Riot's security controls failed, and the steps we're taking to ensure this doesn't happen again."
Also leaking this week: Russia's Google, Yandex
Some 44 gigabytes of data was posted to BreachForums earlier this week, with the poster claiming it to be the source code for a number of Yandex software products. According to a software engineer who has reviewed the files, that appears to be the case.
Software developer Arseniy Shestakov published the results of "my friend" looking at the leaked code (sure, Arseniy) which he said appears to date to February 24, 2022, and is mostly just code without pre-built binaries.
Still, Shestakov said it included the source code for Yandex services including its search engine and indexing bot, maps service, its AI assistant Alice, an Uber-like taxi service, email, cloud storage, ecommerce market and more.
Shestakov said he has never worked at Yandex, but knows several people who have, and still do. "I verified that at least some of [the] archives for sure contain modern source code for company services as well as documentation pointing to real intranet URLs," Shestakov said.
In an email, Yandex representatives admitted to The Register that some internal code had been exposed, but said it hadn't been hacked. "Our security team found code fragments from an internal repository in the public domain, but the content is outdated and differs from the current version of the company's repository. We are still investigating the issue," Yandex told us.
The company has said elsewhere that a former employee was behind the code exposure.
In light of sanctions targeting Russian companies for the country's illegal invasion of Ukraine, Yandex has been in the process of relocating elsewhere and selling off its Russian assets. Since announcing its plans, a Putin ally and former head of Russia's Audit Chamber has joined the company to aid in its relocation – hopefully for its sake not out a window. ®