Ukraine hit by cyber attacks amid Russian invasion
Cyber security firm ESET has discovered new destructive malware circulating in Ukraine as neighbouring Russia invades the eastern European country.
Taking to Twitter, the cyber security firm yesterday said it discovered new data wiper malware used in Ukraine.
ESET telemetry data shows the malware was installed on hundreds of machines in the country. According to ESET, this followed some distributed denial-of-service (DDoS) attacks against several Ukrainian websites earlier on Wednesday.
A DDoS attack involves multiple connected online devices, collectively known as a botnet, which are used to overwhelm a target website with fake traffic.
“We observed the first sample today (Wednesday) around 14h52 UTC / 16h52 local time. The PE [portable executable] compilation timestamp of one of the samples is 2021-12-28, suggesting the attack might have been in preparation for almost two months,” says ESET.
It notes the wiper binary is signed using a code signing certificate issued to Hermetica Digital. The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data. As a final step, the wiper reboots the computer, it adds.
ESET points out that in one of the targeted organisations, the wiper was dropped via the default (domain policy) Group Policy Object (GPO), meaning that attackers had likely taken control of the Active Directory server.
According to CNN, key Ukrainian government websites were down early this morning local time following a day in which Ukrainian agencies dealt with multiple cyber attacks and as concerns mounted over Russian troop movements into Ukraine's separatist regions.
The websites of the Ukrainian Cabinet of Ministers, and those of the ministries of foreign affairs, infrastructure, education and others, were experiencing disruptions, it adds.
“We are aware of multiple commercial and government organisations in Ukraine impacted by the destructive malware today,” Charles Carmakal, senior vice-president and chief technology officer of cyber security firm Mandiant, told CNN.
It was not immediately clear who was behind the attacks at the time of writing.