Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack
Ukraine is formally pointing fingers at Russian hackers for hacking into one of its government systems and attempting to plant and distribute malicious documents that would install malware on target systems of public authorities.
"The purpose of the attack was the mass contamination of information resources of public authorities, as this system is used for the circulation of documents in most public authorities," the National Security and Defense Council of Ukraine (NSDC) said in a statement published on Wednesday.
The NSDC's National Coordination Center for Cybersecurity (NCCC) termed it a supply chain attack aimed at the System of Electronic Interaction of Executive Bodies (SEI EB), which is used to distribute documents to officials.
Calling it a work of threat actors with ties to Russia, the NSDC said the malicious documents came embedded with a macro that, when opened, stealthily downloaded malicious code to control the compromised system remotely.
"The methods and means of carrying out this cyberattack allow to connect it with one of the hacker spy groups from the Russian Federation," the agency said.
While the NSDC did not take any names, it's not immediately clear when the attack took place, how long the breach lasted, and if any of the infections were successful.
The development comes two days after the NSDC and NCCC warned of massive distributed denial-of-service (DDoS) attacks singling out websites belonging to the security and defense sector, including that of the NSDC.
"It was revealed that addresses belonging to certain Russian traffic networks were the source of these coordinated attacks," the NSDC said, while stopping short of directly accusing the country.
The NCCC also stated the "attackers used a new mechanism of cyberattacks" that involved using a previously undocumented strain of malware that was planted on vulnerable Ukrainian government servers, and in the process, coopted the devices into an attacker-controlled botnet.
The infected systems were then used to carry out further DDoS attacks on other Ukrainian sites, the agency said.
Source: feedproxy.google.com