Ukraine claims Russian security services were guilty of cyberattack
▶ Intelligence agency in Kiev points finger at Moscow after another wave of global panic
Ukraine has accused Russian security services of responsibility for a cyber attack last week.
The SBU, Ukraine’s state security operation, said the offensive – which started in Ukraine and spread around the world on Tuesday – was the work of the same hackers who went after the Ukrainian power grid in December.
Ukrainian politicians were quick to blame Russia for Tuesday’s events, but a Kremlin spokesman dismissed “un- founded blanket accusations”.
Cyber security firms are trying to piece together who was behind the computer worm, dubbed NotPetya by some experts, which seized up computers, hit banks, disrupted shipping and shut down a chocolate factory in Australia.
The attack also hit major Russian firms, leading some cyber security researchers to suggest that Moscow was not behind it.
The malicious code in the virus encrypted data on computers and demanded victims pay a US$300 (Dh1,100) ransom, similar to the extortion tactic used in a global WannaCry ransomware attack in May.
Ukrainian officials and some security experts said the ransomware was a smokescreen.
Relations between Ukraine and Russia went into freefall after Moscow’s annexation of Crimea in 2014 and the subsequent outbreak of a Kremlin-backed separatist insurgency in eastern Ukraine in which more than 10,000 people have died.
Hacking Ukrainian state institutions is part of what Ukraine says is a “hybrid war” by Russia.
Moscow denies sending troops or military equipment to eastern Ukraine.
“The available data, including those obtained in cooperation with international antivirus companies, give us reason to believe that the same hacking groups are involved in the attacks, which in December 2016 attacked the financial system, transport and energy facilities of Ukraine using TeleBots and BlackEnergy,” the SBU said.
“This testifies to the involvement of the special services of Russian Federation in this attack.”
The SBU in an earlier statement on Friday said it had seized equipment it claimed belonged to Russian agents in May and June to launch online attacks.
Referring to the $300 ransomware demand, the SBU said: “The virus is cover for a largescale attack on Ukraine. This is evidenced by a lack of a real mechanism for taking possession of the funds – enrichment was not the aim of the attack.
“The main purpose of the virus was the destruction of important data, disrupting the work of public and private institutions in Ukraine and spreading panic among the people.”
A cyber attack in December on a Ukrainian state energy computer caused a power cut in the northern part of the capital Kiev.
The Russian foreign ministry and Federal Security Service did not immediately respond to requests for comment on the latest allegations, but Russian lawmaker Igor Morozov told the RIA Novosti news agency that the Ukrainian charges were “fiction” and that the attacks were likely to be the work of the United States.
Russian oil major Rosneft was one of the first companies to reveal it had been compromised by the virus, and sources said computers at state gas giant Gazprom were also infected.
The SBU’s accusations chime with some of the findings of the cybersecurity firm ESET in Slovakia, which said in research published on Friday that the Telebots group – which has links to BlackEnergy – was behind the attack.
This testifies to the involvement of the special services of Russia in this attack
“Collecting ransom money was never the top priority for the TeleBots group,” it said, suggesting Ukraine was the target but the virus spread globally as “affected companies in other countries had VPN connections to their branches, or to business partners, in Ukraine.
“The TeleBots group continues to evolve in order to conduct disruptive attacks against Ukraine,” it said.
“Prior to the outbreak, the Telebots group targeted the financial sector in the main. The latest outbreak was directed against businesses in Ukraine, but they apparently underestimated the malware’ spreading capabilities. That’s why the malware went out of control.”
Most of the organisations affected by the attack recovered within 48 hours.
Meanwhile, , in a joint security report from the department of homeland security and the FBI, the US warned American industrial firms about hacking activity targeting the nuclear and energy sectors.
Since at least May, hackers used phishing emails to “harvest credentials” so they could gain access to networks of their targets, according to the report released on Thursday.
The report said that in some cases hackers succeeded in compromising the networks of their targets, though it did not identify the victims.