Ukraine Says Russian Hackers Are Preparing A Massive Strike

Hackers from Russia are infecting Ukrainian companies with malicious software to create “back doors” for a large, coordinated attack, Ukraine’s cyber police chief told Reuters on Tuesday 26th June. The hackers are targeting companies, including banks and energy infrastructure firms, in a roll out that suggests they are preparing to activate the malware in one massive strike, cyber police chief Serhiy Demedyuk said. 

Ukrainian police are working with foreign authorities to identify the hackers, Demedyuk added.

Law enforcement and corporate security teams around the world pay close attention to cyber threats in Ukraine, where some of the most destructive hacks in history have originated. A virus dubbed “NotPetya” hit Ukraine in June 2017, taking down government agencies and businesses before spreading to corporate networks around the globe, causing companies billions of dollars in losses.

“The fact that the Ukraine government has decided to go public with this shows that they are scared that this could have a big impact and want people to be aware,” said Jaime Blasco, chief scientist with cybersecurity firm AlienVault.

It is difficult to contain the impact of a cyberattack within one nation, so it is possible this new threat could spread around the globe, he added.

Since the start of the year, Ukraine police have identified viruses in phishing emails sent from legitimate domains of state institutions whose systems were hacked and fake webpages mimicking that of a real state body.

Hackers have sought to evade detection by breaking malware into separate files, which are put onto targeted networks before they activate them, Demedyuk said.

“Analysis of the malicious software that has already been identified and the targeting of attacks on Ukraine suggest that this is all being done for a specific day,” he said.

Relations between Ukraine and Russia plunged following Russia’s annexation of Crimea in 2014, and Kiev has accused Russia of orchestrating large-scale cyberattacks as part of a “hybrid war” against Ukraine, which Moscow repeatedly denies.

Some attacks have coincided with major Ukrainian holidays. Demedyuk said another strike could be launched on Thursday — Constitution Day — or on Independence Day in August.

The United States and Britain joined Ukraine in blaming Russia for the NotPetya campaign in 2017. It took a costly toll on quarterly results of major global corporations including Cadbury chocolate maker Mondelez International Inc and freight logistics company FedEx Corp.

The scale of the current campaign is the same as NotPetya, according to Demedyuk.

“This is support on a government level - very expensive and very synchronized. Without the help of government bodies, it would not be possible. We’re talking now about the Russian Federation,” he said.

“Everything we’re seeing, everything we’ve intercepted in this period: 99 percent of the traces come from Russia.”

Ukraine is better prepared to withstand such attacks thanks to cooperation with foreign allies including the United States, Britain and NATO, Demedyuk said.

Still, there are some Ukrainian companies that have not cleaned their computers after NotPetya struck, which means they are still infected by that virus and vulnerable to being used for another attack.

“We are sounding the alarm to remind people - come to your senses, check your equipment,” he said.

Reuters

You Might Also Read: 

Leaked Emails Expose Russian Exploits In Ukraine:

Ukraine Detects A Cyber Attack On A NATO Member:

« Chinese Hack Breached US Satellites
Former UK Spy Boss Say Russia Is 'live testing' Cyber-Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The Josef Group (TJG)

The Josef Group (TJG)

The Josef Group Inc. is a certified woman-owned permanent staffing agency specializing in Information Technology, Engineering, and US Government "cleared" IT candidates.

Intelligence-sec

Intelligence-sec

Intelligence-Sec is a fully integrated Conferences and Exhibitions Company managing and producing topical events for the security industry.

Panaseer

Panaseer

The Panaseer Security Data Lake is a big data analytics software platform providing joined-up visibility of business risk from cyber.

Bericon Forensics

Bericon Forensics

Bericon is one of the longest established forensic science consultancies in the UK. Activities include computer and mobile phone forensics.

Soracom

Soracom

Soracom offers secure, scalable, cloud-native connectivity developed specifically for the Internet of Things.

Internet Storm Center (ISC)

Internet Storm Center (ISC)

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with ISPs to fight back against the most malicious attackers.

ENVEIL

ENVEIL

ENVEIL’s technology is the first scalable commercial solution to cryptographically secure Data in Use.

The Data Privacy Group

The Data Privacy Group

The Data Privacy Group provide expert professional services underpinned by world leading automation tools and a consulting team specialized in privacy and data protection.

Data61

Data61

Data61 is Australia’s leading digital research network offering the research capabilities, IP and collaboration programs to unleash the country’s digital & data-driven potential.

SecuLetter

SecuLetter

SecuLetter is able to detect unknown attacks with hybrid approaches, static and dynamic analysis.

Lifetech

Lifetech

Lifetech is a software development, product engineering and system integration company. Cybersecurity services include SIEM deployment and training.

VeriClouds

VeriClouds

VeriClouds is a password verification service that helps organizations detect compromised passwords and stop account takeover attacks.