Ukraine’s parliament, as well as other government and banking websites, were targeted by another wave of distributed-denial-of-service attacks on Wednesday, according to cybersecurity researchers, who also said unidentified attackers infected hundreds of computers with destructive malware, the Associated Press reported. According to the researchers, some of the infected computers were in neighbouring Latvia and Lithuania.
The report said ESET Research Labs discovered a previously unseen piece of data-wiping malware on “hundreds of machines across the country” on Wednesday, adding that it was unclear how many networks had been affected.
“With regards whether the malware was successful in its wiping capability, we assume that this indeed was the case and affected machines were wiped,” said ESET research chief Jean-Ian Boutin. He would not name the targets but said they were “large organizations.” ESET was unable to say who was responsible.
According to Vikram Thakur, Symantec Threat Intelligence’s technical director, the wiper malware infected three organisations: Ukrainian government contractors in Latvia and Lithuania, as well as a Ukrainian financial institution, the AP reported. Both countries are members of NATO. “The attackers have gone after these targets with little regard for where they may be physically located,” he said.
Thakur told AP that all three targets had “close affiliation with the government of Ukraine,” and Symantec believed the attacks were “highly targeted.” He stated that approximately 50 computers at the financial firm were impacted, with some having data wiped. When asked about the wiper attack, Victor Zhora, a senior Ukrainian cyber defence official, had no comment.
Cyber Space War
With tensions flaring up between Russia and Ukraine, and the West in the fray, there is a lot to watch out for in terms of possible cyber attacks by Russia, which has been connected to similar operations in the past: NotPetya and WannaCry in 2017.
This time around, however, these could spill over globally, according to reports, prompting a cyberwar on a bigger scale than ever seen before. News18 takes a deeper look into the issue:
The Now: Operation ‘Bleeding Bear’ and WhisperGate
Earlier this month, Ukraine’s defense ministry networks and two banks were knocked offline, with Ukraine’s information security center pointing the finger at neighboring Russia.
In another attack, last month, approximately 70 Ukrainian government websites were defaced, and the hackers disseminated ominous messages in Ukrainian, Russian, and sloppy Polish, according to a report by NPR.
It appeared to be a large-scale attack, but it only affected one content management system for all of those websites, Jenna McLaughlin said, adding that according to cyber security experts, it was a fairly ‘unsophisticated’ operation, linked to a hacking group with ties to Belarus and the Russian military.
McLaughlin further mentioned that potentially destructive malware was also discovered on devices belonging to several Ukrainian companies and agencies by Microsoft. The hackers disguised it as ransomware, but when activated, it wipes data and renders devices inoperable, she had said, adding that the data attacked would not be recovered.
She flagged that Ukrainian authorities had also reported hackers looking for vulnerabilities in the energy sector, which could be ‘potentially more concerning’. The report mentions that Ukrainian officials have blamed Russia for both attacks, in their operation called ‘Bleeding Bear’. The code of the attacks is being studied by researchers worldwide, it says.
Experts said that the malware, called ‘WhisperGate’, is also “reminiscent” of NotPetya, but added that there were structural differences between the two. NotPetya also pretended to be ransomware, but it was a purely destructive and highly viral piece of code. While WhisperGate followed a similar operation, it is less sophisticated and is not intended to spread as quickly. Russia has denied any involvement, and no conclusive evidence points to Moscow, said a report by MIT Technology Review.
John Hultquist, head of intelligence for the cybersecurity firm Mandiant, predicts similar cyber operations by Russia’s military intelligence agency GRU, the organisation responsible for many of the most aggressive hacks in history, both inside and outside Ukraine, the report says.
The report mentions that the GRU’s most notorious hacking group, Sandworm, is credited with a long list of greatest hits, including the 2015 Ukrainian power grid hack, the 2017 NotPetya hacks, interference in US and French elections, and the Olympics opening ceremony hack in the aftermath of a Russian doping scandal that resulted in the country being barred from participating in the games.
The Then: NotPetya, Ukrainian Power Grid Hack
The 2017 NotPetya cyberattack was aimed at Ukrainian private companies before spreading and destroying systems all over the world. Andy Greenberg, senior writer for WIRED, previously said: “Ukraine has been locked in a grinding, undeclared war with Russia for the past four and a half years, killing over 10,000 Ukrainians and displacing millions more. The conflict has also seen Ukraine become a scorched-earth testing ground for Russian cyberwar tactics.”
“In 2015 and 2016, while the Kremlin-linked hackers known as Fancy Bear were busy breaking into the US Democratic National Committee’s servers, another group of agents known as Sandworm was hacking into dozens of Ukrainian governmental organisations and companies. They penetrated the networks of victims ranging from media outlets to railway firms, detonating logic bombs that destroyed terabytes of data. In this conflict between the two nations, the Russian hackers, in June 2017 came out with one of the most devastating cybersecurity breaches to attack networks of victims via encrypted code, ranging from media outlets to railway firms, detonating logic bombs that destroyed terabytes of data. This idea of destruction gave birth to NotPetya, a much bigger threat to the world than the infamous WannaCry malware,” Greenberg said in an excerpt of his book Sandworm, which chronicled the birth of the cyberattack.
The author said the malware spread not only to its intended victim, Ukraine, but also to numerous machines around the world, ranging from hospitals in Pennsylvania to a chocolate factory in Tasmania. It ate into multinational corporations such as Maersk, pharmaceutical behemoth Merck, FedEx’s European subsidiary TNT Express, French construction behemoth Saint-Gobain, and FMCG behemoths Mondelez and Reckitt Benckiser. And, as its creators had not anticipated, NotPetya spread back to Russia, wreaking havoc on the state oil company Rosneft.
According to confirmation received by WIRED from former Homeland Security adviser Tom Bossert, the total loss in damages from this attack was more than $10 billion. During the investigation and study of the malware, Bossert was the most senior cybersecurity-focused official in the administration of US President Donald Trump. Even the infamous WannaCry ransomware, which spread a month before NotPetya in May 2017, was estimated to cost between $4 billion and $8 billion.
In another concerning attack, on December 23, 2015, a cyberattack on Ukraine’s power grid resulted in power outages for approximately 230,000 Ukrainians for 1-6 hours. The attack occurred during Russia’s ongoing military intervention in Ukraine and is attributed to “Sandworm”. It was the first successful cyberattack on a power grid that has been publicly acknowledged.
The hackers compromised the information systems of three Ukrainian energy distribution companies, causing the electricity supply to be temporarily disrupted. According to reports, 30 substations (7 substations of 110 kV and 23 substations of 35 kV) were turned off, leaving approximately 230,000 people without power for 1 to 6 hours.
The US is Also Alert, and Further Cyber Attacks Could Have Global Ramifications
US agencies on Wednesday issued a warning to US-cleared defence contractors (CDCs) about possible cyberattacks by Russian state-sponsored actors, Reuters reported. According to a joint advisory issued by the Federal Bureau of Investigation, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency (CISA), such cyber targeting was observed from at least January 2020 to February 2022.
“These ongoing intrusions have enabled the actors to obtain sensitive, unclassified information, as well as CDC-proprietary and export-controlled technology,” according to the advisory.
The agencies urged all cleared defence contractors to take the recommended countermeasures regardless of whether they have been compromised.
The DHS intelligence bulletin suggested that if Russia invades Ukraine, a US or NATO response to the invasion could prompt Russia to launch a cyber offensive against US targets, VentureBeat said in a report, adding that according to the January 23 bulletin, the attacks could range from “low-level denials of service to destructive attacks targeting critical infrastructure.”
Regulators in Europe and the United States had also earlier warned banks that Russian cyberattacks related to Ukraine tensions posed an imminent threat and urged them to prepare, Reuters had reported.
With inputs from Reuters, Associated Press
The story has been updated to reflect updates after Russia’s actions in Ukraine.