The Russian government has established its own TLS certificate
authority (CA) to address issues with
accessing websites that have arisen in the wake of sanctions
imposed by the West following the country’s unprovoked military
invasion of Ukraine.
According to a message posted on the Gosuslugi[1] public services portal,
the Ministry of Digital Development is expected to provide a
domestic replacement to handle the issuance and renewal of TLS
certificates should they be revoked or expire.
The service is offered to all legal entities operating in
Russia, with the certificates delivered to site owners upon request
within 5 working days.
TLS certificates are used to digitally bind a cryptographic key
to an organization’s details, enabling web browsers to confirm the
domain’s authenticity and ensure that the communication between a
client computer and the target website is secure.
The proposal comes as companies like DigiCert have been restricted[2]
from doing business in Russia following sanctions by Western
nations. “Validation of Russian orders may take longer to be
processed due to extensive checks required for private businesses
and persons; however, we are able to offer all products to this
country,” the company noted[3]
in a revised advisory.
What’s not clear is whether web browsers such as Google Chrome,
Microsoft Edge, Mozilla Firefox, and Apple Safari intend to accept
the certificates issued by the new Russian certificate authority so
that safe connections to the certified servers can work as
intended.
But according to a tweet[4]
shared by Juan Andres Guerrero-Saade, principal threat researcher
at SentinelOne, the public services agency is recommending the use
of Russian browsers like Yandex and Atom. “To have access to all
sites and the necessary online services, including public services,
we recommend installing browsers that support the Russian
certificate,” the email reads.
This also poses significant risks in that it could
potentially be weaponized to carry out[5]
man-in-the-middle (MitM[6]) attacks on HTTPS sessions
originating from internet users in the nation, enabling the
relevant authorities to intercept, decrypt, and re-encrypt the
traffic passing through its systems.
“This is insane. Is this the full totalitarian
Man-in-the-Middle?,” Guerrero-Saade tweeted[7].
The development also comes close on the heels of disclosures
from Cisco Talos that opportunistic cybercriminals are cashing in
on the ongoing conflict to target unwitting users seeking tools to
carry out their own cyberattacks against Russian entities by
offering malware purporting to be offensive cyber tools.
“The global interest in the conflict creates a massive potential
victim pool for threat actors and also contributes to a growing
number of people interested in carrying out their own offensive
cyber operations,” the researchers said[8].
“These observations serve as reminders that users must be on
heightened alert to increased cyber threat activity as threat
actors look for new ways to incorporate the Russia-Ukraine conflict
into their operations.”
References
Read more https://thehackernews.com/2022/03/russian-pushing-its-new-state-run-tls.html