Malware Targeting Ukraine Could Have Impact On Other Countries, Here's The Fact!

The Cybersecurity and Infrastructure Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a Cybersecurity Advisory. (photo: Ed Hardie/Unsplash)

JAKARTA - Ukraine is currently experiencing a tense conflict situation with Russia, including in cyberattacks targeting organizations in the country. However, this cyber attack can also have an impact on other countries.

The Cybersecurity and Infrastructure Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a Cybersecurity Advisory, warning that the destructive malware that has been used to target organizations in Ukraine could affect US businesses, among others.

The alert provides information about WhisperGate and HermeticWiper, two types of malware seen in recent attacks against organizations in Ukraine.

WhisperGate is a form of removal malware that disguises itself as ransomware, but instead of encrypting files, it targets the system's master boot record for destruction.

The malware, first discovered by the Microsoft Threat Intelligence Center, was used in several cyberattacks against Ukrainian targets in January, including government, non-profit, and technology organizations.

HermeticWiper, another type of intrusion-removing malware, was used to target Ukrainian organizations shortly before the launch of the Russian invasion. Discovered by ESET, the malware renders the computer inoperable.

The attacks that ESET observed, targeting hundreds of computers in the region, came just hours after a series of distributed denial of service (DDoS) attacks took several important websites in the country offline.

The Cybersecurity Advisory further warned that while there is no particular threat to US organizations related to tensions with Russia over Ukraine, businesses should strengthen their defenses and increase their vigilance.

"Disruptive malware can present a direct threat to an organization's daily operations, impacting the availability of critical assets and data," CISA and the FBI said in a statement.

“Further disruptive cyberattacks against organizations in Ukraine are likely to occur and may inadvertently extend to organizations in other countries. Organizations should raise awareness and evaluate their capabilities which include planning, preparation, detection, and response to such events."

Even so, the US has not officially linked the wiper attack to Russia, but Cybersecurity Advisory said the threat actors were spreading malware leading to Russia's unprovoked attacks on Ukraine.

CISA and the FBI are urging businesses in the US to take further action to protect themselves by enabling multi-factor authentication, deploying antivirus and anti-malware programs, switching to spam filters, updating all software and filtering network traffic.