WhisperGate: Russia Responsible For Cyber Attacks On Ukraine

Ukraine's State Security Agency (SBU), says that it has found convincing evidence that the recent cyber attacks on Ukrainian government websites are linked to hacking groups associated to Russian intelligence services.

According to the authoritative Zero Day website, dozens of Ukraine government computers across different agencies were wiped using a malware known as WhisperGate, which deletes or overwrites  important system files, rendering systems unable to boot up or otherwise operate. 

This malware works in stages and may lie dormant until triggered. It has the potential to spread and infect  other connected computers, resulting on permanent data destruction.

The extent to which it has spread to other computer networks operated by the Ukraine government is presently unknown.

This follows a week of fruitless meetings between US and Russian diplomats in which the White House had warned that Russia perpetrate 'false flag' operations and attack its own allies in Ukraine as a pretext to invade. 

The cyber attack has been called a preparatory move in advance of  possible military action. The cyber attack affected around 70 government websites in Ukraine overnight on Friday 14th January, making it the largest cyber attack on Ukraine since the widespread blackouts of 2016 affecting the electricity grid. The Ukraine Foreign Ministry website was hacked and temporarily displayed a message prior to the attack a message appeared warning Ukrainians to "prepare for the worst". 

Ukraine has come under intense pressure from its neighbour, with a build-up of some 100,000 Russian troops near its borders. The US and NATO have offered support to Ukraine and while Russia has made no official statement about the attack, Ukraine's Ministry of Information ministry says that Russian media reported the attacks before Ukraine did.

  • NATO said it would soon be signing an agreement with Ukraine on enhanced cyber cooperation, which would give it access to the alliance's malware information sharing platform.
  • The US government says it it will provide Ukraine with whatever support it needs to recover from the attack.

At the start of Friday's attack, a message on the hacked websites was posted in three languages, Ukrainian, Russian and Polish. "Ukrainian! All your personal data has been uploaded onto the public internet," the message read. It continued: "This is for your past, your present and your future." The Polish language message contained grammatical errors and did not appear to have been written by a native speaker, according to a statement issued by Poland's government, which also blamed Russia for the attack.

Ukraine has been repeatedly targeted since 2014, when Moscow invaded and annexed Crimea and started a war in the eastern Donbas region. About 288,000 cyber-attacks took place in the first 10 months of 2021, according to official figures, with 397,000 in 2020. 

Ukraine says that it does does not have offensive cyber weapons to attack back, but the official said it was prepared to defend against more assaults from Russia. In winter 2015 suspected Russian hackers took out parts of the country’s power grid, which led to almost a quarter of a million Ukrainians losing power and heat. A repeat attack happened in 2016.

Zero Day:    CNN:    CBS:     Reuters:      BBC:     Guardian:      Sky:      France24:     NPR:      PBS:   

You Might Also Read: 

The Emerging Domain Of  Cyber War:

 

« 'War Is Coming’ - TikTok Used To Scare Swedish Children
Employee Cyber Security Training Is Vital To Reduce Cyber Attacks »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

AV Test

AV Test

The AV-TEST Institute is a leading international and independent service provider in the fields of anti-virus research and IT security.

Rubicon Workflow Solutions

Rubicon Workflow Solutions

Rubicon is a leading provider of managed IT support and strategic services, specialising in creative and mixed platform environments.

Finjan Holdings

Finjan Holdings

Finjan solutions are aimed at keeping the web, networks, and endpoints safe from malicious code and security threats.

Arsenal Insurance Company

Arsenal Insurance Company

Arsenal is an insurance provider based in Moscow, Russia. Services offered include Cyber Risk insurance.

Thermo Systems

Thermo Systems

Thermo Systems is a design-build control systems engineering and construction firm. Capabilties include industrial control system cybersecurity.

Terranova Security

Terranova Security

Terranova is dedicated to providing information security awareness programs customized to your internal policies and procedures.

Sungard Availability Services (Sungard AS)

Sungard Availability Services (Sungard AS)

Sungard AS partners with customers around the globe to understand their unique business needs and provide production and recovery services tailored to their requirements.

Rublon

Rublon

Rublon protects endpoints, networks and applications by providing trusted access via two-factor authentication (2FA).

MicroSec

MicroSec

MicroSec is a company specializing in IoT security. We focus on bringing enterprise grade security to IoT and embedded systems.

Cyber Defense Networking Solutions (CDNS)

Cyber Defense Networking Solutions (CDNS)

CDNS is a global network infrastructure provider whose platforms are engineered for security, optimized for speed and designed for resiliency.

Quad9 Foundation

Quad9 Foundation

Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system's performance, plus, it preserves and protects your privacy.

SpiderOak

SpiderOak

SpiderOak's portfolio of Secure Communication & Collaboration products ensure the confidentiality, integrity, and availability of your most sensitive data in any environment.

Acumera

Acumera

Acumera is a leader in managed network security, visibility and automation services.

Bluefin Payment Systems

Bluefin Payment Systems

Bluefin is the recognized integrated payments leader in encryption and tokenization technologies that protect payments and sensitive data.

Btech

Btech

Btech is the market leader in providing affordable managed IT security services for credit unions.

Validia

Validia

Validia is a deepfake cybersecurity service that provides proactive and reactive defense to the deepfake threat enterprises increasingly face with the rapid growth of generative AI.