A coordinated cyberattack took down temporarily several Ukrainian government websites against the backdrop of rising tensions that suffer Russia and Ukraine.
Microsoft warned it could be worse than first thought, spotting a new destructive malware operation targeting vital entities in the European country.
What’s going on between these two nations? How much damage caused this attack?
Let’s find out.
Russia Blamed for Ukraine Government Cyberattacks
The Security Service of Ukraine (SBU) said such attacks had targeted a total of 70 government websites, deleting content from those including the Ukrainian Ministry of Foreign Affairs, Ministry of Education and Science, Ministry of Defense, and the State Emergency Service. Most of the affected sites were put back online shortly after with minimal fallout.
Weirdly enough, these sites also displayed the following message in different languages (Russian, Ukrainian and Polish languages):
Translation: “Ukrainian! All your personal data has been sent to a public network. All data on your computer is destroyed and cannot be recovered. All information about you stab (public, fairy tale and wait for the worst. It is for you for your past, the future, and the future. For Volhynia, OUN UPA, Galicia, Poland, and historical areas.”
While Russian politics insisted there was no evidence of them being behind the attack, including Dmitry Peskov (President Vladimir Putin’s spokesman) who told CNN: “Russia has nothing to do with these cyberattacks. Ukrainians are blaming everything on Russia, even the bad weather in their country.”
… The attacks did come in an opportunistic time, as Russia’s military buildup along the border with Ukraine continues. Rumors of a possible Russian invasion of Ukraine have been shared, while discussions between the U.S. and Russia have failed to settle the situation.
On the other hand, Microsoft researchers gathered some clues about the attackers and their modus operandi. The threat was tracked as “DEV-0586.” However, other experts speculate these attacks may come from the Ghostwriter group, tracked as “UNC1151.”
Who’s to blame here?
Up to now, there’s no certain answer. But what is known, is that this week’s event was accompanied by the supposed capture of the REvil Ransomware gang in Russia.
At the request of U.S. authorities. Russia’s FSB agency has swooped in to “liquidate” the group of 14 hackers (also known as “Sodinokibi”) by raiding 25 locations in Leningrad, Lipetsk, Moscow, and St. Petersburg, seizing assets worth more than $5.6 million.
That’s approximately 426 million rubles caught in luxury vehicles, cryptos, and cash.
Group members were captured and charged with “illegal circulation of means of payment.”
Will this takedown matter at all?
While it is a big achievement (if it comes to be real), it might backfire as it has happened before, with other groups returning or arising for the first time (even affecting how countries’ conflicts take place).
One thing is for sure: this is a scary situation that not even security-packed governments can escape from. Do you think your business can?
While Ukraine’s security service has protected its entities enough to not lose vital information, they still got their “impenetrable walls” down.
It’s your turn to take action before all of your assets come in the interest of many bad actors chasing easy money out there.
Let’s talk and get your digital infrastructure protected.