SBU exposes Russian origin of recent cyberattacks on governmental, infrastructural information systems
Ukraine’s Security Service said on Dec. 30 it has stopped Russian hackers from breaking into the computer systems of a range of Ukrainian government bodies and critical infrastructure, according to the Kyiv Post.
In autumn this year, hackers sent out emails with malware to state institutions and agencies, regional bodies of local government, and state enterprises of critical infrastructure. The wrongdoers used Russian servers to carry out the attacks, the Kyiv Post wrote, citing the SBU press service.
Each “phishing” email contained an attachment with malware that infected computers as soon as it was downloaded. It encrypted hard drives and placed an announcement on the desktop demanding a ransom, payable to anonymous electronic accounts, to decrypt them.
Apart from that, the virus connected to servers with Russian IP addresses and received commands from there, so the infected computers could be controlled remotely and made to transfer collected information on demand.
“Virtually, Kremlin-controlled Russian hackers could have had an opportunity to covertly and remotely administer Ukrainian web resources and tap them to get information,” SBU chief Vasyl Hrytsak said in an interview with Interfax-Ukraine on Dec. 29.
The malware was dubbed DarkTrack. It is derived from a computer virus called PSCrypt, known for hitting Ukraine in the past.
The SBU’s counterintelligence department sent its recommendations to all the parties that received emails.
Ukraine has been a frequent target for hackers in the past.
The largest cyberattack happened this summer: some of the biggest state-owned and private companies in Ukraine stopped functioning on the afternoon of June 27 due to the massive NotPetya ransomware attack that spread across the world, but hit Ukraine the most.
The NotPetya virus attacked around 12,500 machines across Ukraine. It is now reckoned to be the biggest cyberattack in the country’s history.
The virus’s name derives from the Petya virus, which has been active since spring 2016, but NotPetya used stronger encryption, which enabled it to seize the systems of high-profile companies, including Danish shipping giant Maersk, U.S. pharmaceutical company Merck and numerous Ukrainian government offices.
It paralyzed the work of the Cabinet and derailed the document system at Chornobyl Nuclear Power Plant. Among others affected were state-owned savings bank Oschadbank, private bank Ukrgazbank, energy companies Kyivenergo and Ukrenergo, national telecommunications operator Ukrtelecom, mobile carrier Lifecell, postal companies Ukrposhta and Nova Poshta, Kyiv Boryspil International Airport and several media organizations.
In December 2015, power company Prykarpattyaoblenergo suffered a major attack that led to blackouts across western Ukraine. In that attack, about 230,000 Ukrainians were plunged into darkness for six hours after hackers inserted malware into the control systems of part of the oblast grid. Ukraine has blamed Russia for the attacks, and the malware used, BlackEnergy, has its origins in Russia, according to experts. However, there is no definitive link between the cyberattack and the Russian government, according to U.S. officials.