Tech News

Destructive Hacks Against Ukraine Similar to Its Last Cyberwar

For weeks, a The world of cybersecurity has set in motion a destructive philanthropy that could follow or mark the Russian invasion of Ukraine. Now, the first wave of demonstrations seems to have arrived. Even to a lesser extent, the campaign uses methods that signal the resumption of Russia the most disruptive cyberwar campaign that paralyzed the Ukrainian government with complex construction years ago.

The phishing scam software, which appears to be a ransom, has hit computers inside Ukrainian government agencies and affiliates, security analysts at Microsoft. said Saturday night. The victims include an IT company that manages a list of sites, such as the one who steals defiled by a message against Ukrainian earlier Friday. But Microsoft also warned that the number of victims should continue to grow as the wiper hacking program is available on many networks.

Viktor Zhora, the head of Ukraine’s cybersecurity organization, State Services for Special Communication and Information Protection, or SSSCIP, said he first heard about the message of redemption on Friday. Administrators found locked PCs and displayed a $ 10,000 message for Bitcoin, but the machine’s power supply was permanently damaged when the controller restarted them. He said the SSSCIP had just detected malware on a number of machines, and that Microsoft had warned Ukrainians that it had evidence that the malware had triggered a number of malware. By Sunday morning ET, someone seems to have tried to pay the full ransom.

“We are trying to determine if this is related to a major attack,” Zhora said. “This could be the first phase, part of the most difficult things that could happen soon. That’s why we’re so worried.”

Microsoft warns that if a PC-infected PC is rebooted, the malware will record computer software or MBR, information on the hard drive that tells the computer how to set up its operating system. It then runs a fake file system that lists a long list of file types in some items. These destructive methods are uncommon for ransomware, Microsoft blog posts, because they cannot be easily modified if the victim pays a ransom. No malware program or message of redemption appears to have been prepared for anyone affected by the campaign, meaning thieves have no intention of pursuing victims or releasing victims’ machines.

All of the malicious attacks of the malware, as well as its propaganda for ransomware, have vicious reminders of Data wiping in Russia that took place against the Ukrainian system from 2015 to 2017, sometimes with destructive consequences. In the waves of 2015 and 2016 attacks here, a a gang of thugs known as the Sandworm, later became known as part of Russian military GRU intelligence agency, used a similar malware program that Microsoft had identified to scan hundreds of PCs within Ukrainian media, electronics, trains, and government agencies including the Treasury and pension funds.

Supervised malware, many of which used ransomware fake messages to confuse investigators, ended with Sandworm release for NotPetya worms in June 2017, which spreads itself from machine to machine within the network. As a result of the same attack, NotPetya wrote master boot notes along with a series of file types, weakening hundreds of Ukrainian corporations, from banks to hospitals in Kyiv to the Chernobyl monitoring and cleaning operation. In just a few hours, NotPetya spread around the world, and eventually cost $ 10 billion, the largest online spending in history.

The appearance of a malware program that closely resembles the past has added to the global security alarms, which had previously warned of increasing data breaches due to the crisis in the region. The Mandiant security company, for example, released a detailed report on Friday on tightening IT systems in response to threats posed by Russia in the past. “We have been warning our customers of the seemingly imminent destruction,” said John Hultquist, Mandiant’s leading intelligence expert.

Microsoft has been careful to state that it does not have any evidence of any reputable third party responsible for the newly found malware. But Hultquist says he has no choice but to recognize the similarities between the malware and the malware that Sandworm uses. The GRU group has a long history of destructive and destructive activities in Russia that are called “close to outside” of the countries of the former Soviet Union. And Sandworm in particular has a reputation for increasingly aggressive theft during times of crisis or conflict between Ukraine and Russia. “At this juncture, we expect the GRU to be extremely aggressive,” Hultquist said. “The problem is with their wheel.”


Source link

Related Articles

Leave a Reply

Back to top button