Data-wiping software found on ‘hundreds’ of Ukraine computers

A newly discovered piece of destructive software found circulating in Ukraine has hit hundreds of computers, according to researchers at the cybersecurity firm ESET, part of what Ukrainian officials said was an intensifying wave of hacks aimed at the country.

The company said on Twitter that the data wiping program had been installed on hundreds of machines in the country, an attack it said had likely been in the works for the past couple of months.

Vikram Thakur of cybersecurity firm Symantec, which is also looking into the incident, told Reuters that infections had spread outside Ukraine. “We see activity across Ukraine and Latvia,” Thakur said. A Symantec spokesperson later added Lithuania.

Who is responsible for the wiper is unclear, although suspicion immediately fell on Russia, which has repeatedly been accused of launching data-scrambling hacks against Ukraine and other countries. Russia has denied the allegations.

The victims in Ukraine included a government agency and a financial institution, according to three people who studied the malware since its release.

The new cyberattack required existing access to function, meaning those computer networks were already compromised, said Juan-Andres Guerrero-Saade, a cybersecurity researcher at digital security firm SentinelOne.

“In order to push this, they would have already needed domain admin. They basically owned the entire enterprise. The entire network. So, they didn’t have to do this. This was meant to damage, disable, signal and cause havoc,” said Guerrero-Saade.

Researchers found that the wiping software appeared to have been digitally signed with a certificate issued to an obscure Cypriot company called Hermetica Digital Ltd.

Because operating systems use code-signing as an initial check on software, such a certificate might have been designed to help the rogue program dodge anti-virus protections.

Getting such a certificate under false pretenses – or stealing it – isn’t impossible, but it is generally the sign of a “sophisticated and targeted” operator, said Brian Kime, a vice president at U.S. cybersecurity firm ZeroFox.

Contact details for Hermetica, which was set up in the Cypriot capital, Nicosia, almost a year ago, were not immediately available. The company did not appear to have a website.

Earlier on Wednesday the websites of Ukraine’s government, foreign ministry and state security service were down in what the government said was another denial of service (DDoS) attack.

“At about 4 p.m., another mass DDoS attack on our state began. We have relevant data from a number of banks,” said Mykhailo Fedorov, Minister of Digital Transformation, adding that the parliament website was also hit. He did not say which banks were affected and the central bank could not immediately be reached for comment.

“Cyber is now simply a component of hybrid warfare,” said Guerrero-Saade.

Ukraine’s data protection watchdog said hacks were on the upswing. “Phishing attacks on public authorities and critical infrastructure, the spread of malicious software, as well as attempts to penetrate private and public sector networks and further destructive actions have intensified,” it said in an email.

Last week, the online networks of Ukraine’s defense ministry and two banks were overwhelmed in a separate intrusion. The U.S. company Netscout Systems Inc later said the impact had been modest.

U.S. Senate Intelligence Committee Chairman Mark Warner, speaking to Reuters before news of the wiper was made public, said the denial-of-service actions against Ukraine were still “well short of what Russia could potentially unleash.”

Ukraine has suffered a drumbeat of digital assaults that Kyiv and others have blamed on Russia since 2014 when Moscow annexed the Crimean peninsula and backed a separatist rebellion in eastern Ukraine. The Kremlin has denied any involvement.
