ESET Cybersecurity Researchers Find Malware Circulating In Ukraine, Russia Denies Involvement
JAKARTA - Newly discovered malware circulating in Ukraine has attacked hundreds of computers. The findings were revealed by researchers at the cybersecurity firm ESET. Ukrainian officials described the software as part of an intensifying wave of hacking aimed at the country.
In a series of statements posted to Twitter, ESET said the data erasure program had been "installed on hundreds of machines in the country", and was an attack it said had been carried out over the past few months.
Breaking. #ESETResearch discovered a new data wiper malware used in Ukraine today. ESET telemetry shows that it was installed on hundreds of machines in the country. This follows the DDoS attacks against several Ukrainian websites earlier today 1/n
— ESET research (@ESETresearch) February 23, 2022
Vikram Thakur of cybersecurity firm Symantec, which is also investigating the attack, told Reuters the infection had spread widely.
"We are seeing activity across Ukraine and Latvia," Thakur said. A Symantec spokesman even added Lithuania as another target.
Who was responsible for these wipers is unclear, although suspicion soon fell on the Russians. The country, led by President Vladimir Putin, has been repeatedly accused of launching data hacks against Ukraine and other countries. But Russia itself has denied all the accusations.
Ukraine has been repeatedly attacked by hackers in recent weeks, since Russia deployed its troops around the border with Ukraine. Fears of a full-scale invasion increased after Moscow this week ordered troops into two separatist regions in eastern Ukraine.
Cybersecurity experts are also racing to take apart the malicious program, a copy of which was uploaded to VirusTotal, Alphabet's crowdsourced cybersecurity site, so that its capabilities can be analyzed.
Researchers eventually discovered that the wiper software appeared to have been digitally signed with a certificate issued to an unknown Cypriot company called Hermetica Digital Ltd.
Because operating systems use code signing as an initial check on software, a certificate like this may be intended to help the malicious program evade anti-virus protection.
Attackers obtain such certificates under false pretenses or even steal them, but generally it is a sign of a "sophisticated and targeted" operator, said Brian Kime, vice president of ZeroFox, a US cybersecurity firm.
Contact details for Hermetica, which was founded in the Cypriot capital, Nicosia, almost a year ago, were not immediately available. The company doesn't seem to have a website. This is quite strange for a professional company.
Earlier on Wednesday, February 23, the websites of the Ukrainian government, the Ukrainian Ministry of Foreign Affairs and the Ukrainian security services briefly went down in what the Ukrainian government said was the start of a distributed denial of service (DDoS) attack.
"Around 4 pm, another mass DDoS attack in our state started. We have relevant data from a number of banks," said Mykhailo Fedorov, Minister of Digital Transformation, adding that the parliament's website was also hit.
But he did not say which banks were affected and the central bank could not immediately be reached for comment.
In a statement, Ukraine's data protection watchdog said hacking actions were currently on the rise.
"Phishing attacks on public authorities and critical infrastructure, the spread of malicious software, as well as attempts to penetrate private and public sector networks and further destructive actions have increased," Fedorov said.
Last week, the online networks of Ukraine's defense ministry and two banks were overwhelmed in a separate disruption. The US company Netscout Systems Inc later said the impact was small.
The chairman of the US Senate Intelligence Committee, Mark Warner, spoke to Reuters before news of the wipers was announced, saying distributed denial of service (DDoS) actions against Ukraine were still "a long way from what Russia could potentially give up."
Ukraine has been hit hard by digital attacks that Kyiv and several others say come from Russia. The attacks have occurred since 2014, when Moscow annexed the Crimean peninsula and backed a separatist insurgency in eastern Ukraine. But the Kremlin has again denied involvement in the attacks.