Ukraine has suffered from new cyberattacks, destructive malware

Boston (AP) – On Wednesday, Ukraine’s parliament and other government and banking websites were hit by another wave of distributed denial-of-service attacks, and cybersecurity researchers said unknown assailants also infected hundreds of computers with destructive malware.

Officials have long said they expect cyberattacks to precede and accompany any Russian military invasion, and analysts say the incidents fit a nearly 20-year-old Russian playbook of wedding cyber operations to real-world aggression.

ESET Research Laboratory said on Wednesday it discovered a new piece of malware in Ukraine on “hundreds of machines in the country.” However, it was not clear how many networks were affected.

“As for whether the malware was successfully wiped out, we believe it is true, and the affected machines have been cleaned,” said ESET research chief Jean-Ian Boutin in response to questions from the Associated Press.

Boutin did not name the targets, “to protect the victims, but these were large organizations affected,” he said, adding that although ESET could not say who was responsible, “the attack seems to be linked to the current crisis in Ukraine.”

Vikram Thakur, CTO of Symantec Threat Intelligence, said his team found three organizations affected by the wiper malware – Ukrainian government contractors in Latvia and Lithuania and a financial institution in Ukraine.

All three had “close ties to the Ukrainian government,” Thakur said, noting that the attacks were not accidental. He said about 50 computers in the financial institution were affected by malware, some of which were erased.

“No comment,” said Viktor Zhora, a senior Ukrainian cyber defense official, when asked about ESET’s discovery.

Boutin said the malware's timestamp indicates it was created in late December. He said it was seen only in Ukraine.

“Russia probably planned this for several months, so it’s hard to say how many organizations or agencies were backdoored to prepare for these attacks,” said Chester Wisniewski, chief researcher at cybersecurity firm Sophos. He suggested that the Kremlin intends to use “malware” to “send a message that they have compromised a significant amount of Ukrainian infrastructure, and these are just small pieces to show how widespread their penetration is.”

Word of the wiper follows a mid-January attack, which Ukrainian officials blamed on Russia, in which the hacking of about 70 government websites was used to disguise an intrusion into government networks in which at least two servers were damaged by wiper malware disguised as ransomware.

Thakur said it was too early to say whether the malware attack detected on Wednesday was as serious as the variant that damaged servers in January.

Cyberattacks have been a key tool of Russian aggression in Ukraine since 2014, when the Kremlin annexed Crimea and hackers tried to disrupt the election. They were also used against Estonia in 2007 and Georgia in 2008.

Distributed denial-of-service attacks are among the least impactful because they do not involve network intrusions. Such attacks flood websites with junk traffic, so they become inaccessible.

DDoS targets on Wednesday included the defense and foreign ministries, the Council of Ministers and Privatbank, the country’s largest commercial bank. Many of the same sites were shut down on February 13-14 as a result of DDoS attacks, which the US and British governments quickly blamed on Russia’s GRU military intelligence agency.

DDoS attacks on Wednesday proved less effective than before – with targeted sites soon reachable again – as emergency response staff blunted them. The office of Zhora, Ukraine’s information protection agency, said the defenders had switched to another DDoS protection service provider.

Doug Madory, director of Internet analysis at network management firm Kentik Inc., recorded two waves of attacks, each lasting more than an hour.

A spokesman for California-based Cloudflare, which provides services to some targeted sites, said DDoS attacks in Ukraine have been sporadic and have increased over the past month, but have been “relatively modest compared to the large DDoS attacks we’ve handled in the past.”

The West blames the Russian GRU for some of the most harmful cyberattacks of all time, including a pair in 2015 and 2016 that briefly shut down parts of Ukraine’s power grid, and the 2017 NotPetya “wiper” virus, which caused more than $10 billion in damage worldwide by infecting companies doing business in Ukraine with malware that was seeded through a tax software update.

Wiper malware detected in Ukraine this year has so far been activated manually, unlike a worm such as NotPetya, which can get out of control across borders.
