The National Coordination Center for Cybersecurity (NCCC) under the National Security and Defense Council (NSDC) of Ukraine has recorded attempts to circulate malware-ridden e-documents through the System of Electronic Interaction of Executive Bodies (SEI EB).
The attack was aimed at mass contamination of the information resources of government agencies, as this system is used for e-document turnover by most public authorities, the NSDC's press service said.
"The malicious documents contained a macro that secretly downloaded a program to remotely control a computer once files were opened. The tactics and tools applied in this cyberattack allow connecting it with one of the cyber-espionage groups from Russia," the report says.
Judging by its scenario, the breach attempt is one of the so-called supply chain attacks where perpetrators seek to gain access to the target organization indirectly, through vulnerabilities in tools and services it uses.
The most notorious and massive attacks of this type were NotPetya, aimed at damaging Ukrainian infrastructure in 2017, and Solorigate, Russia's cyber-espionage operation conducted in 2020-2021, which is now being investigated in the United States. In both cases, the malicious code was spread through distributed software (MEDOC in Ukraine and SolarWinds products in the United States) after it was compromised by the attackers.