Destructive cyberattacks target Ukrainian organizations

By Grant Gross
WashingtonExaminer
 1 day ago

Microsoft’s security team has identified a destructive malware operation targeting multiple organizations in Ukraine, including government agencies, nonprofit organizations, and information technology companies.

In its Jan. 13 security alert, Microsoft didn’t identify the attacks as coming from Russia, but it suggested the malware may be “nation-state actor activity.” Neighboring Russia has amassed about 100,000 troops on the Ukraine border, prompting fears of an invasion.

However, Microsoft said it had not found any significant links to known hacking groups.

The attacks are “unique,” Microsoft said, with the malware disguised as ransomware that generates a fake ransom note but instead attempts to wipe a computer’s master boot record, which identifies where the operating system is located and allows the computer to boot up.

“Our investigation teams have identified the malware on dozens of impacted systems, and that number could grow as our investigation continues,” Microsoft’s security team wrote. “We do not know the current stage of this attacker’s operational cycle or how many other victim organizations may exist in Ukraine or other geographic locations. However, it is unlikely these impacted systems represent the full scope of impact as other organizations are reporting.”

Microsoft said the recent attacks differ from a typical ransomware attack in several ways. For example, ransomware attacks are usually customized to each victim. But in this case, the same ransom payload hit several victims.

The attackers don’t seem to be spying for intelligence or intellectual property theft, typically common goals for nation-state attackers, said Saryu Nayyar, CEO and founder of cybersecurity vendor Gurucul.

“These threat actor groups aren't interested in simple financial gain,” she told the Washington Examiner.

The attack, instead, appears to focus on disruption, added Saumitra Das, CTO and co-founder of Blue Hexagon, a cloud security company.

“Causing systems to go down is not beneficial to criminal gangs out to make a quick buck but very effective for nation-states as a provocation or tool used for larger aims,” he told the Washington Examiner. “Malware that extorts based on disruption does not usually make the system inoperable but merely throttles it.”

While Microsoft did not point to Russian hackers in its threat report, several other cybersecurity experts said the attacks were likely the work of the Russian government or hackers working on its behalf.

It isn’t a “substantial stretch” to associate the attacks with Russian interests, said Rick Holland, chief information security officer at Digital Shadows, a cybersecurity provider. “The ransomware ruse gives the threat actor a thin veneer of plausible deniability,” he said.

The Ukraine cyberattacks are consistent with the Russian government’s playbook, he told the Washington Examiner.

Whether the Russian government encourages hackers to attack opponents or directs the cyberattacks itself, it “seeks to disrupt government and private institutions of their geopolitical opponents,” he said. He noted that Russia had been accused of cyberattacks against Ukraine in 2014 and 2017, with the 2014 attacks preceding its annexation of Crimea.

Ukraine has blamed a Belarusian threat called UNC1151, which likely has close ties with Russia, noted Dan Desko, CEO and managing partner at cybersecurity vendor Echelon Risk + Cyber.

However, “attribution in the cyberworld is a very tough thing, even with all the data, and you can never assume things,” Desko told the Washington Examiner. “Many times, threat actors will plant false flags [or] data and use tools that point to the involvement of other threat actor groups to make it look like the attacks are coming from somewhere else.”

The attacks, though, appear to be “another tactic in the arsenal of a country on the offensive that is trying to strike fear into another country and their people,” he added. “It is a type of attack that could erode the trust in a government from a citizen’s perspective, that is for sure.”
