Russian cyber team attacks computers in Ukraine before starting war

A newly discovered piece of destructive software has hit computers in Ukraine, according to researchers at the cybersecurity firm ESET.
In a series of statements posted to Twitter, the company said that the data wiping program had been installed on hundreds of machines in the country, Reuters reported.

Vikram Thakur of cybersecurity firm Symantec, which is also looking into the attacks, told Reuters that infections had spread widely.

There was activity across Ukraine, Latvia and Lithuania.

Who is responsible for the wiper is unclear, though suspicion immediately fell on Russia, which has been accused of launching data-scrambling hacks against Ukraine and other countries. Russia has denied the allegations.

Ukraine has already been repeatedly hit by hackers in the past few weeks as Russia has massed troops around its borders.

Cybersecurity experts are racing to pick apart the malicious program, a copy of which was uploaded to the Alphabet-owned crowdsourced cybersecurity site VirusTotal, to see what its capabilities were.

Researchers found that the wiping software appeared to have been digitally signed with a certificate issued to an obscure Cypriot company called Hermetica Digital.

Because operating systems use code-signing as an initial check on software, such a certificate might have been designed to help the rogue program dodge anti-virus protections. Getting such a certificate under false pretences – or stealing it – isn’t impossible, but it’s generally the sign of a “sophisticated and targeted” operator, said Brian Kime, a vice president at U.S. cybersecurity firm ZeroFox.

Contact details for Hermetica, which was set up in the Cypriot capital, Nicosia, almost a year ago, were not immediately available. The company did not appear to have a website.

Earlier on Wednesday, the websites of Ukraine’s government, foreign ministry and state security service were down in what the government said was the start of another distributed denial of service (DDoS) attack.

The websites of the Ukrainian Cabinet of Ministers, and the ministries of foreign affairs, infrastructure, education and others, were experiencing disruptions, CNN reported.

“At about 4 pm, another mass DDoS attack on our state began. We have relevant data from a number of banks,” said Mykhailo Fedorov, Minister of Digital Transformation, adding that the parliament website was also hit.

He did not mention which banks were affected and the central bank could not immediately be reached for comment.

In a statement, Ukraine’s data protection watchdog said that hacks were on the upswing.

“Phishing attacks on public authorities and critical infrastructure, the spread of malicious software, as well as attempts to penetrate private and public sector networks and further destructive actions have intensified,” it said in an email.

Last week, the online networks of Ukraine’s defence ministry and two banks were overwhelmed in a separate intrusion. The U.S. company Netscout Systems later said the impact had been modest.

U.S. Senate Intelligence Committee Chairman Mark Warner, speaking to Reuters before news of the wiper was made public, said the denial of service actions against Ukraine were still well short of what Russia could potentially unleash.
