Without showing them, Kyiv (Kiev) claims to have proof that Russia is the author of the cyberattacks against its government sites. According to Microsoft, this attack, in the form of malware disguised as ransomware, would be much larger and would affect many Ukrainian government agencies and organizations.
You will also be interested
[EN VIDÉO] What is a cyberattack? With the development of the Internet and the cloud, cyberattacks are becoming more frequent and sophisticated. Who is behind these attacks and for what purpose? What are the methods of hackers and what are the most massive cyberattacks?
Following the massive cyberattack committed on January 13, that is to say, the day after the end of the talks between Russia and NATO on the Ukrainian crisis, the investigation to determine its origin is still in progress. Classes. According to the SBU, the Ukrainian intelligence service, 70 government sites have been attacked and ten of them hacked. Still according to the SBU, no data leak would have taken place. If no international organization ventures to attribute the attack, all eyes are on Russia.
For its part, Ukraine does not hesitate to denounce the alleged author of this attack. Thus in a statement, the Ukrainian Ministry of Digital Transformation said ” so far, all evidence points to Russia being behind the cyberattack “. For the Minister, it is a ” manifestation of war hybrid that Russia leads against Ukraine since 2014 “. Still according to the ministry, the objective of the Kremlin remains to destabilize the Ukrainian government, while undermining the confidence of the populations. Russia denied with a touch of sarcasm being the author of the attack.
Destructive ransomware
While waiting to obtain formal proof, many cybersecurity players are making their resources available to try to see more clearly. This is particularly the case of the laboratory of Microsoft. The firm has announcement that the malware used remains active and could continue to infect dozens of systems. According to experts, the malware runs when a network device is turned off.
However, switching off the machines is precisely the first reflex that one can have when a network is contaminated by a ransomware. Concretely, on restart, the malware will begin by overwriting the hard drive’s boot sector (MBR), then encrypting all of its contents. He acts like a ransomware but does not have a truly effective ransom recovery mechanism. Its vocation is therefore the destruction of systems by encryption strong.
At this time, Microsoft said it was unable to identify the perpetrator of the attack. On the other hand, what is certain is that it targeted dozens of systems belonging to the government, but also to NGOs and organizations of the technological sector, all based in Ukraine. In other words, the authors wanted theattack shines as widely as possible on a panel of targets linked to the Ukrainian state. A method that could support the theory of Kyiv on the desire to destabilize the country.
The Ukrainian State, victim of a massive cyberattack
A massive cyberattack hit around 15 government sites last night in Ukraine. If it could not yet be attributed, all eyes are on Russia, while tensions are at their highest between the two countries.
Article by Sylvain Biget published on 01/14/2022
While talks have just ended between the United States, its allies and Russia about a potential military offensive in Ukraine, the situation remains very worrying. On the sidelines of the noise of boots on the eastern border of Ukraine, it is once again the cyber weapon that comes to thunder. A few weeks ago, Futura explained that American and British cyberfighters had been deployed to Ukraine to help authorities increase the country’s cyber defense. Experts then worried about an offensive that would begin with a massive cyberattack from Russia.
And precisely, this night, about fifteen websites of government agencies have actually suffered a cyberattack. Futura was able, for example, to note that the site of the Ministry of Foreign Affairs no longer responded. Before he disappeared, on this site, a threatening message written in Russian, Ukrainian and, strangely, Polish was displayed.
It was topped by a crossed out Ukrainian flag, the map of the country and other crossed out patriotic symbols. The message said that all personal data of Ukrainians had been uploaded to the web. He also mentioned the Ukrainian Insurgent Army and other nationalist organizations, which had fought alongside the Nazis, the USSR during World War II, and which committed several massacres in some disputed Polish regions at the time.
A strange intention which could make believe that the authors of the attack could be Polish and not Russian, as everyone could imagine. At the moment, the Ukrainian government’s cybersecurity teams are working on the restoration of the systems and the cyber investigators are discussing the subject. To carry out their attack, it seems that the hackers took advantage of a flaw in a website management system called October.
Cyberattacks to prepare the offensive?
Of course, as often, the evidence is lacking to attribute formally the attack, but it is towards the Kremlin that all eyes are turned. Thus, after having condemned the attack, without attributing it, the authorities of the countries supporting Ukraine and, in particular the European Union, indicated that they would provide their assistance to help the country. As Futura previously explained, Ukraine has been targeted repeatedly since 2014, when Moscow annexed Crimea and unleashed a war in the Donbass region.
Among the attacks in 2017 were NotPetya. It had an international impact and specifically targeted the Ukrainian economic sector to paralyze it. In 2015-2016, attacks against electrical infrastructure also took place with giant blackouts. According to the latest official figures, there were around 288,000 cyberattacks in the first 10 months of 2021.
Ukraine: how a cyberattack could paralyze the country
As Putin threatens his Western adversaries with a military response in Ukraine, the first weapon he could exploit is a cyberattack. American experts believe that Russian hackers are capable of crippling the country by attacking its critical infrastructure. Explanations.
Article by Sylvain Biget, published on December 25, 2021
In Ukraine, between 2015 and 2016, a wave of 6,500 cyberattacks against institutions and infrastructure paralyzed twelve power plants in the country. In Ivano-Frankivs’k, in the west of the country, an attack on the Prykkarpatya Oblenergo power plant thus deprived 250,000 users of power for six hours. Futura had gone there and an engineer had shown the videos he had filmed with his phone.
On the control screens, the hackers could be seen in action, taking full control of the facilities. Impossible to regain control! As the electrical installations mixed Soviet and modern technologies, the technicians were able to restart the power delivery points locally. The attack had been well prepared and the hackers had waited for the holiday period to carry out their action.
Cut the power by attacking the distribution points ofenergyis to turn off all communications and completely paralyze a country. This scenario would be possible in France and even more dangerous still. No need to hack them nuclear center to achieve this. Without electricity, all of life comes to a standstill and the supermarkets that operate just in time would not last more than 48 hours. A catastrophe worse than a war physical !
As tension rises a notch between NATO members and Russia over the Donbass area, Ukraine rightly fears that a wave of cyberattacks against its electrical systems is not preparing. It should be emphasized that the cyberwar conducted against Ukraine never stopped even if, like that of the front line trenches, it remained of low intensity. But, according to American intelligence, it has intensified since last month, at the same time as the accumulation of Russian troops near the border in the east of the country.
The cyber weapon to prepare the ground
To prepare Ukraine for these cyberattacks, specialists from the United States and the United Kingdom have been deployed there. The idea is to improve the cyber defense of the country and increase its cyber-resilience. The United States is even considering an on-site projection of NATO resources.U.S. Cyber Command. Will it only be to show that cyber fighters are there to intimidate Russian hackers? Certainly, because there is not much to do to secure the electrical network Ukrainian.
As we have already mentioned, it is fragile because of its infrastructure dating from the Soviet era mixed with more recent elements from Russia. Similarly, computer control systems for power plants are Russian. Finally, to top it off, the network is intertwined with that of Russia.
That is why, like a salvo of artillery aimed at preparing the ground for an offensive, thecyber weapon would be a very effective means of paralyzing Ukrainian infrastructure. The objective: to start another Hybrid War battle in order to destabilize the government to impose a leader who listens to Moscow. The cyber weapon is also ideal for settling current tension, since proof of attribution would remain, as always, difficult to bring.
In fact, there would be no need for an adventurous ground invasion. It would have serious consequences for Russia. In any case, experts imagine that, if a massive cyberattack takes place, it will most likely occur after Orthodox Christmas, that is, at the end of the first week of January. In the meantime, US intelligence officials are still figuring out how to respond to it offensively.
Interested in what you just read?
.
fs1