The Russian government has established its own TLS certificate authority (CA) to address issues with accessing websites that have arisen in the wake of sanctions imposed by the west following the country’s unprovoked military invasion of Ukraine.
According to a message posted on the Gosuslugi public services portal, the Ministry of Digital Development is expected to provide a domestic replacement to handle the issuance and renewal of TLS certificates should they get revoked or expired.
The service is offered to all legal entities operating in Russia, with the certificates delivered to site owners upon request within 5 working days.
TLS certificates are used to digitally bind a cryptographic key to an organization’s details, enabling web browsers to confirm the domain’s authenticity and ensure that the communication between a client computer and the target website is secure.
The proposal comes as companies like DigiCert have been restricted from doing business in Russia following sanctions by Western nations. Cybersecurity firms Avast, ESET, Fortinet, and Imperva have also suspended operations in Russia and Belarus over the Kremlin’s invasion of Ukraine.
“In response to the evolving geopolitical situation in Ukraine, DigiCert is pausing issuance and reissuance of all certificate types affiliated with Russia and Belarus. This includes suspending issuance and reissuance of certificates to TLDs related to Russia and Belarus, as well as to organizations with addresses in Russia or Belarus,” the public key infrastructure (PKI) provider noted in an advisory.
This includes suspending issuance and reissuance of certificates to top-level domains (TLDs) related to Russia and Belarus, counting .by, .moscow, .ru, .ru.com, .ru.net, .su, .tatar, .бел, .москва, .рус, and .рф.
What’s not clear is whether web browsers such as Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari, intend to accept the certificates issued by the new Russian certificate authority so that safe connections to the certified servers can work as intended.
But according to a tweet shared by Juan Andres Guerrero-Saade, principal threat researcher at SentinelOne, the public services agency is recommending the use of Russian browsers like Yandex and Atom. “To have access to all sites and the necessary online services, including public services, we recommend installing browsers that support the Russian certificate,” the email reads.
This also poses significant risks in that it could be potentially weaponized to carry out man-in-the-middle (MitM) on HTTPS sessions originating from internet users in the nation, enabling the relevant authorities to intercept, decrypt, and re-encrypt the traffic passing through its systems.
“This is insane. Is this the full totalitarian Man-in-the-Middle?,” Guerrero-Saade tweeted.
The development also comes close on the heels of disclosures from Cisco Talos that opportunistic cybercriminals are cashing in on the ongoing conflict to target unwitting users seeking tools to carry out their own cyberattacks against Russian entities by offering malware purporting to be offensive cyber tools.
“The global interest in the conflict creates a massive potential victim pool for threat actors and also contributes to a growing number of people interested in carrying out their own offensive cyber operations,” the researchers said.
“These observations serve as reminders that users must be on heightened alert to increased cyber threat activity as threat actors look for new ways to incorporate the Russia-Ukraine conflict into their operations.”
Go to Cybersecurity Knowledge Base
Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today
Remember, CyberSecurity Starts With You!
- Globally, 30,000 websites are hacked daily.
- 64% of companies worldwide have experienced at least one form of a cyber attack.
- There were 20M breached records in March 2021.
- In 2020, ransomware cases grew by 150%.
- Email is responsible for around 94% of all malware.
- Every 39 seconds, there is a new attack somewhere on the web.
- An average of around 24,000 malicious mobile apps are blocked daily on the internet.
