The war between Russia and Ukraine goes “Cyber”, with several ongoing cyber-attacks from the Russian side, targeting Ukraine’s banks and government department websites.
A cyber report published by intelligence agencies in the UK and US on Wednesday has attributed insidious new malware to a notorious Russia-backed hacking group.
The joint research was published by the National Cyber Security Centre in the UK and US agencies including the National Security Agency. It warned that a Russian state-backed hacker group known as Sandworm had developed a new type of malware called Cyclops Blink,which targets firewall devices made by the manufacturer Watchguard to protect computers against hacks.
Cybersecurity firm ESET said it had discovered new “wiper” malware targeting Ukrainian organizations. Such software aims to erase data from the systems it targets.
Wiper Malware Analysis
Previous Cyber Attacks to Ukraine Attributed to GRU
Another attack which took place last week and took down four Ukrainian government websites, was attributed to the GRU, the Russian military intelligence agency by U.S. and U.K. officials.
Attack on Power Grids
In December 2015, the GRU targeted Ukraine’s industrial control systems networks with destructive malware. This caused power outages in the western Ivano-Frankivsk region. About 700,000 homes were left without power for about six hours.
This happened again in December 2016. Russia developed a custom malware called CrashOverride to target Ukraine’s power grid. An estimated one-fifth of Kiev’s total power capacity was cut for about an hour.
NotPetya Used by GRU
In 2020, US officials charged six Russian GRU officers for deploying the NotPetya ransomware. This ransomware affected computer networks worldwide, targeting hospitals and medical facilities in the United States, and costing more than US$1 billion in losses.
NotPetya was also used against Ukrainian government ministries, banks and energy companies, among other victims. The US Department of Justice called it “some of the world’s most destructive malware to date”.
Attacks on Exchange Servers
In January 2021, another Russia-sponsored attack took place, targeting Echange servers and provided hackers access to email accounts and associated networks all over the world, including in Ukraine, the US and Australia.
Scare Tactics to Civilians
Ukrainian residents reported receiving fake text messages saying ATMs in the country did not work, which according to experts likely a scare tactic. Due to this, many citizens scrambled to withdraw money, which caused panic and uncertainty.
Many Countries Around the World to Aid Ukraine in Cyber Security
The White House said on Wednesday that it was in touch with Ukrainian authorities about their cybersecurity needs, in the wake of the fresh cyber-attack, which the US government has not yet attributed.
“We are in conversations with Ukraine regarding their cyber-related needs including as recently as today and we’re going to move with urgency to assess the nature and extent of this, what steps need to be taken, and therefore a response,” the White House press secretary, Jen Psaki, said.
Six European Union countries (Lithuania, Netherlands, Poland, Estonia, Romania and Croatia) are sending cyber security experts to help Ukraine deal with these threats.
Australia has also committed to providing cyber security assistance to the Ukrainian government, through a bilateral Cyber Policy Dialogue. This will allow for exchanges of cyber threat perceptions, policies and strategies. Australia has also said it will provide cyber security training for Ukrainian officials.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is a certified: CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide set of knowledge and technical management capabilities go beyond these certifications. He likes acquiring new skills on penetration testing, cloud technologies, virtualization, network security, IoT and many more.
