Thursday, April 18, 2024

Cyberattacks on Ukrainian websites come into clearer focus as Russia tensions escalate

Cybersecurity researchers shed additional light over the weekend on the cyberattacks that disabled Ukrainian government websites, as Kyiv pointed to Russia as the culprit.

Microsoft and ESET both shared details on the nature of the malware that took the Ukrainian sites down.

Microsoft “assesses that the malware, which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom,” the company wrote in a blog post Saturday.

However, Microsoft said it couldn’t yet attribute who was behind the malware, labelled WhisperGate. The Department of Homeland Security’s Cybersecurity and Infrastructure Agency recommended that network defenders review the Microsoft blog post, suggesting the possibility that the attacks could spread to include other targets.

ESET on Sunday elaborated further, saying that the malware the attackers contained code “commonly used by commodity e-crime malware.”

“It is likely that attackers were trying to avoid existing detections at the last moment before the attack, that’s why they used third party criminal services,” ESET said in a tweet thread.

Ukraine was more definitive in placing blame than Microsoft.

“All the evidence points to Russia being behind the cyberattack,” the Ukrainian digital transformation ministry said in a Sunday statement. “Moscow is continuing to wage a hybrid war.”

A Ukrainian official also told Reuters that signs point to the attacks being the work of a Belarusian intelligence-connected group known as Ghostwriter, a group that might have a Russian element.

The Kremlin has denied being involved.

The attacks on the Ukrainian government websites add to that nation’s hostilities with Russia, which U.S. intelligence believes is planning an invasion on the country’s eastern border. The incidents also surfaced around the same time Russia announced it had arrested ransomware gang members on its own soil alleged to be behind the Colonial Pipeline attack, raising suspicions that the Kremlin intends to use the arrests as diplomatic levers with the U.S., which has threatened sanctions should Russia invade Ukraine.

Recommended:  Microsoft Confirms Server Misconfiguration Led to 65,000+ Companies' Data Leak

Got to Cybersecurity News

Go to Homepage

Go to Cybersecurity Academy

You may also enjoy reading, Ukrainian Government Officially Accuses Russia of Recent Cyberattacks

Stay informed of the latest Cybersecurity news, trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today

Bookmark
ClosePlease login
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security