Cyber attack: Ukraine points finger at Russian security services over malware virus


Updated July 02, 2017 09:06:08

Ukraine has accused Russian security services of being involved in a major cyber attack that locked up computers around the world, disrupting businesses from Mumbai to Los Angeles and halting production at a Cadbury factory in Australia.

Key points:

  • Ukraine says the attack bears similarities to other recent cyber attacks by Russia
  • Experts say the ransom was a cover-up for the real motive: destruction and disruption
  • The findings chime with those of American and European cyber experts

The Ukrainian security agency, known as the SBU, alleged in a statement that similarities between Tuesday’s malicious software and previous attacks on Ukrainian infrastructure showed the participation of the Russian intelligence services.

The SBU added the attackers appeared uninterested in making a profit from the ransomware program and were more focused on sowing chaos in Ukraine.

“The available data, including those obtained in cooperation with international antivirus companies, give us reason to believe that the same hacking groups are involved in the attacks, which in December 2016 attacked the financial system, transport and energy facilities of Ukraine using TeleBots and BlackEnergy,” the SBU said.

“This testifies to the involvement of the special services of Russian Federation in this attack.”

There was no immediate official response from the Russian Government, but Russian politician Igor Morozov told reporters that the Ukrainian charges were “fiction” and that the attacks were likely the work of the United States.

Ukraine was the country hardest hit by the attack that started on Tuesday, when computers at government agencies, energy companies and cash machines were temporarily disabled as their data was encrypted amid demands for ransom payments.

Russian companies, including the state-owned oil giant Rosneft, also said they were hit by the cyberattack, leading some cyber security researchers to suggest that Moscow was not behind it. Most of the organisations affected by the attack recovered within 48 hours.

The malicious code in the virus encrypted data on computers and demanded victims pay a $US300 ($395) ransom, similar to the extortion tactic used in the global WannaCry ransomware attack in May.

But Ukrainian officials and some security experts said the ransomware feature was likely a smokescreen.

The SBU’s accusations chimed with some of the findings of American experts as well as cyber security firm ESET in Slovakia.

‘Enrichment was not the aim of the attack’: SBU

Relations between Ukraine and Russia went into freefall after Moscow’s annexation of Crimea in 2014 and the subsequent outbreak of a Kremlin-backed separatist insurgency in eastern Ukraine that has killed more than 10,000 people.

Hacking Ukrainian state institutions was part of what Ukraine said was a “hybrid war” by Russia on Kiev.

The SBU in an earlier statement on Friday said it had seized equipment it said belonged to Russian agents in May and June to launch cyber attacks against Ukraine and other countries.

Referencing the $US300 ransomware demand, the SBU said “the virus is cover for a large-scale attack on Ukraine”.

“This is evidenced by a lack of a real mechanism for taking possession of the funds … enrichment was not the aim of the attack.

“The main purpose of the virus was the destruction of important data, disrupting the work of public and private institutions in Ukraine and spreading panic among the people.”

A cyber attack in December on a Ukrainian state energy computer caused a power cut in the northern part of the capital Kiev.

Ukraine has repeatedly accused Russia of sponsoring hacking attacks, including the hack of Ukraine’s voting system ahead of the 2014 national election and an assault that knocked its power grid offline in 2015.



First posted July 02, 2017 00:06:28