Hackers took documents into circulation – Newspaper Kommersant No. 161 (7362) dated 09/02/2022

The operation of Russian electronic document management systems (EDF) failed due to a large-scale cyber attack. In particular, there were difficulties with the shipment of products to network and local retailers, and the work of educational platforms also slowed down. The government believes that “pro-Ukrainian hackers” are behind the attack. Experts agree that “the handwriting is similar,” warning of a coming increase in attacks in the fall.

On September 1, Russian electronic document management systems were subjected to a massive DDoS attack by foreign hackers (through sending too many requests to the resource before it was disabled according to the “denial of service” model), the affected companies said and confirmed in the Ministry of Industry and Trade. The ministry added that “messages calling for cyberattacks on Russian EDI services have appeared on Ukrainian Telegram channels.”

“Our resources were attacked,” the Tenzor EDI operator confirmed. “There were difficulties with entering the VLSI and working in the system itself, the company notified customers about failures.” The EDF operator Kontur also confirmed the incident and added that they “strengthened technical support with additional employees.”

The attacks occurred on the day of the start of a new phase of labeling of dairy products. Starting September 1, all market participants must transfer information to the system through EDI, and the withdrawal of dairy products from circulation must be recorded through cash registers. As noted in one of the Ukrainian Telegram channels, one of the goals of the attack was to “prevent the receipt of dairy products on store shelves.”

Hackers further complicated the first day of launching the mechanism.

An employee of a large dairy company says that many small non-chain retail stores did not have time to connect to EDI and shipments had to be stopped for them.

For most dairy producers, this is not a key segment, Kommersant’s interlocutor added. According to him, it is still difficult to assess the scale, since the system is just starting up and hacker attacks complicate the process.

The Center for the Development of Advanced Technologies (CRPT, operator of the marking system) told Kommersant that, despite DDoS attacks on EDI services, shipments of marked products continue in full. Chairman of the Presidium of the Association of Retail Companies (includes X5 Group, Magnit, Lenta, Auchan, etc.) Igor Karavaev confirmed that the largest chains “are not experiencing critical supply failures.” Director General of the National Union of Milk Producers (Soyuzmoloko) Artem Belov claims that some large dairy producers have up to 50% of non-chain retail customers not connected to EDI. But the CRPT specifies that “about 90% of the market is already connected and ready.”

Other companies have also been hit by hackers. Sber has notified its customers about possible service failures due to increased attacks on EDI systems.

“This may, among other things, affect the speed of the SberKurs websites, but DDoS attacks only affect Internet services,” the company said in a statement (Kommersant has it). Sber did not respond to a request.

Cybersecurity specialists conduct an examination of the incident. “We see the signature of the same botnets that we have been observing since February 2022,” notes Dmitry Nikonov, head of L7 protection at DDoS-Guard. “Technically, the attacks do not differ from those that we observed earlier. But it is noteworthy that the trend has shifted towards an increase in the number of attacks, and their power and duration have become much less.

The attack turned out to be successful due to the unavailability of the service to process a large number of simultaneous requests to the EDI system, which could have been avoided with proper protection, Ilnaz Gataullin, head of the analytics group at the Informzaschita IZ:SOC Center for Monitoring and Counteracting Cyberattacks, is sure. According to him, the restoration of the systems will not take much time, but if work is not carried out to protect the infrastructure, the incidents will repeat: “In the fall, we expect a revival in cyberspace at the level of spring indicators.”

Tatyana Isakova, Anatoly Kostyrev