Concern Over Ukrainian Cyber Attack Prompts US Agencies to Issue Advisory

Jan 17, 2022 | Your Source

This week Ukraine was hit by a massive cyber attack that targeted government websites. A message written in Ukrainian, Russian and Polish was posted to the websites of the country’s Ministry of Foreign Affairs, Cabinet of Ministers, and Security and Defense Council. It read: “Ukrainian! All your personal data was uploaded to the public network. All data on the computer is destroyed, it is impossible to restore it. All information about you has become public, be afraid and expect the worst. This is for your past, present and future.”

Microsoft said late Saturday that dozens of computer systems at an unspecified number of Ukrainian government agencies have been infected with destructive malware disguised as ransomware. This disclosure suggests that the attention-grabbing defacement attack on official websites may have been a diversion.

The full extent of the damage remains unclear, as does the exact identity of the attackers. While Russian state-sponsored hackers have been suspected of being behind the attacks, subsequent findings point to a group linked to Belarusian intelligence. Belarus and Russia are close allies. The incident has increased tensions within the region and globally as other countries come to the defense of Ukraine.

Following the attack, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) released a joint Cybersecurity Advisory (CSA) providing an overview of Russian state-sponsored cyber operations, including commonly observed tactics, techniques, and procedures. The CSA also provides detection actions, incident response guidance, and mitigations. CISA, the FBI, and NSA released the joint CSA to help the cybersecurity community reduce the risk presented by Russian state-sponsored cyber threats.

CISA, the FBI, and NSA encourage the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness, conduct proactive threat hunting, and implement the mitigations identified in the joint CSA. CISA recommends network defenders review CISA’s Russia Cyber Threat Overview and Advisories page for more information on Russian state-sponsored malicious cyber activity.

CISA also recommends critical infrastructure leaders review CISA Insights: Preparing For and Mitigating Potential Cyber Threats for steps to proactively strengthen their organization’s operational resiliency against sophisticated threat actors, including nation-states and their proxies.

By Sharon Lo, Managing Editor, Defense Transportation Journal and The Source
