Russian bombings accompany cyberattacks

Les sites des ministères de la défense et de l’intérieur ukrainiens, ou encore les services de certaines banques ukrainiennes, étaient difficilement accessibles, jeudi 24 février, et ce depuis vingt-quatre heures, en raison inform d’une de type atta « In service”. These official sites are blocked by a traffic flow specially created to make them inaccessible; the source of these attacks leaves no room for doubt: in recent months, similar actions have already affected the Ukrainian public services and attributed to Ukraine and almost all experts, to Russia.

It is clear that these attacks are only the tip of the iceberg of threats. Overnight, computer security companies discovered two more subtle and potentially more destructive processes. Slovak digital security company ESET announce They detected new malware of this type wiper (“Wiper”), designed to wipe the contents of hard disks, on “Several hundred machines” in Ukraine.

“We assume that this malware succeeded in erasing the contents of the infected devices”, Jan-Ian Putin, head of research at ESET, explained to The Associated Press. The company did not want to provide exact details of the program’s objectives, but made it clear “big organizations”. According to findings from Symantec, the antivirus company, “Subcontractors in Latvia and Lithuania”, which works for the Ukrainian government, as well as a Ukrainian bank, are among the affected companies. Last week, two of Ukraine’s leading banks, PrivatBank and Oschadbank, were among the targets of a denial of service attack.

fake government websites

Computer security researchers, who work with the investigation site Bellingcat, also have Detect the presence of besieged sitesOstensibly designed to trick targets in Ukraine into downloading malware, its technical infrastructure is linked to previous operations carried out by Russia’s military intelligence, the GRU.

The discovered sites were carbon copies of official Ukrainian sites, visit them “I support the president” have been added. Clicking this button will start the download of malware, the exact functions of which have not yet been determined. These sites do not appear to have been used in an active campaign, but were prepared, as early as December 2021, for a future operation against targets in Ukraine.

Ukraine and its companies are regularly exposed to computer attacks, a significant part of which is attributed to Russian, state or criminal actors. In 2017, the country He was the first to hit him wiper NotPetya, which paralyzed thousands of businesses and public services, including banks, supermarkets, gas stations and even automated radioactivity sensors in Chernobyl, a hundred kilometers north of Kiev. Then the malware spread to many other countries, including Russia, causing serious damage, but Ukraine and most experts attribute its creation and dissemination to Russian services.

In comparison, cyber attacks and attempted attacks in recent days are still relatively small in size. Given the strength of its military superiority on the ground, Russia does not yet need to disable the Ukrainian communication networks for its armored vehicles to deploy in the Donbass. Asked by the Associated Press whether denial-of-service attacks were continuing Thursday, on official websites, a Ukrainian cyber defense official replied via SMS: “Were you serious? There are ballistic missiles falling here.”