The Surprising Ways Russians Are Targeting Ukraine With Malware
Russian hackers are at it again, reportedly now infecting companies in Ukraine with “back door” malware that can help them execute a coordinated cyberattack along the lines of those seen in the recent past. According to Reuters, this threat has been revealed by Ukraine’s cyber police chief, Serhiy Demedyuk, who has also stated that efforts to identify these attackers are ongoing. “The hackers are targeting companies, including banks and energy infrastructure firms, in a rollout that suggests they are preparing to activate the malware in one massive strike.” Ukrainian police are also working with foreign authorities to identify the hackers, Demedyuk explains.
The report goes on to say, “Law enforcement and corporate security teams around the world pay close attention to cyber threats in Ukraine, where some of the most destructive hacks in history have originated. A virus dubbed ‘NotPetya’ hit Ukraine in June 2017, taking down government agencies and businesses before spreading to corporate networks around the globe, causing companies billions of dollars in losses.”
The Kremlin has reportedly denied the allegations. But Jaime Blasco, Chief Scientist with cybersecurity firm AlienVault, has stated, “The fact that the Ukraine government has decided to go public with this shows how scared they are about the impact and want people to be aware.”
Today, malware attacks are rarely limited to one nation and tend to spread around the world. If not effectively curbed, experts believe this alleged move by Russian hackers could lead to another massive global attack. Reports suggest Ukrainian police have been detecting viruses since the start of the year in phishing emails being sent from the legitimate domains of Ukrainian institutions, whose systems have been hacked without their knowledge. The cybercriminals appear to have created fake web pages mimicking real government sites. Investigators also believe these hackers have tried to evade detection by breaking the malware into separate files and putting them onto the targeted networks before they are activated.
According to the reports, there are indications that the hackers could be planning to strike on a specific day. Reuters quotes Serhiy Demedyuk as saying, “Analysis of the malicious software that has already been identified and the targeting of attacks on Ukraine suggest this is all being done for a specific day.”
The Reuters report, dated June 26, further adds, “Relations between Ukraine and Russia plunged following Russia’s annexation of Crimea in 2014, and Kiev has accused Russia of orchestrating large-scale cyberattacks as part of a ‘hybrid war’ against Ukraine, which Moscow repeatedly denies.” Some attacks have coincided with major Ukrainian holidays. Demedyuk said another strike could be launched on Thursday, a symbolic date of independence called Constitution Day.
It’s estimated that the current campaign could be as big as the NotPetya strike. But Demedyuk has pointed out that such an attack is not possible without the help of government bodies. He says, “Everything we’re seeing and everything we’ve intercepted in this period: 99 percent of the traces come from Russia.”
Ukraine, in full cooperation with foreign allies like the U.S., Britain, and NATO, is prepared to fight such malware attacks. However, some Ukrainian companies still haven’t cleaned their systems after the NotPetya attack, which increases their vulnerability considerably. Whether or not they will properly prepare their systems for an attack remains to be seen.
Kevin Jones
Kevin Jones, Ph.D., is a research associate and a cyber security author with experience in penetration testing, vulnerability assessments, monitoring solutions, surveillance, and offensive technologies. Currently, he is a freelance writer on the latest security news and other happenings. He has authored numerous articles and exploits, which can be found on popular sites like hackercombat.com and others.