LONDON/KIEV (Reuters) – A newly discovered destructive piece of software found circulating in Ukraine has infected hundreds of computers, researchers at cybersecurity firm ESET said, in part of what Ukrainian officials describe as a massive wave of hacks targeting the country.
In a series of statements posted on Twitter, the company said data wiping software “has been installed on hundreds of devices in the country,” an attack it said likely has been in the works over the past two months.
Vikram Thakur of cybersecurity firm Symantec, which is also looking into the attacks, told Reuters the infection had spread widely.
“We see activity across Ukraine and Latvia,” Thakur said. A Symantec spokesperson later added Lithuania.
It is unclear who was responsible for the data-wiping software, although suspicion immediately fell on Russia, which has repeatedly been accused of conducting data-stealing hacks against Ukraine and other countries. Russia denied the allegations.
Ukraine has already been hit by intruders repeatedly in the past few weeks as Russia masses its forces around its borders. Fears of a large-scale invasion escalated after Moscow this week ordered troops sent to two breakaway regions in eastern Ukraine.
Cybersecurity experts are racing to examine the malware, a copy of which was uploaded to the Alphabet-owned crowdsourcing cybersecurity site VirusTotal, to determine its capabilities.
The researchers found that the wiping software appears to have been digitally signed with a certificate issued to a shadowy Cypriot company called Hermetica Digital Ltd.
Since operating systems use code signing as an initial check on programs, such a certificate may have been intended to help rogue software evade antivirus protections. Obtaining such a certificate under false pretenses – or through theft – is not impossible, said Brian Kime, US vice president of cybersecurity at ZeroFox, but is generally a sign of a “sophisticated and targeted” operator.
Contact details for Hermetica, which was set up in the Cypriot capital, Nicosia, about a year ago, were not immediately available. The company does not appear to have a website.
Earlier on Wednesday, the websites of the Ukrainian government, the Foreign Ministry and the State Security Service were down in what the government described as the start of another distributed denial of service (DDoS) attack.
“At around 4pm, another mass DDoS attack began on our state. We have relevant data from a number of banks,” said Mikhailo Fedorov, Minister of Digital Transformation, adding that the parliament’s website was also hit.
He did not say which banks were affected and the central bank could not be reached for comment.
In a statement, Ukraine’s data protection watchdog said hacks are on the rise.
“Phishing attacks on public authorities and critical infrastructure, the spread of malware, as well as attempts to penetrate public and private sector networks, and further destructive actions have intensified,” it said in an email.
Last week, the Internet networks of the Ukrainian Defense Ministry and two banks were jammed in a separate incident. Netscout Systems Inc of America (NTCT.O) later said that the effect was modest.
Speaking to Reuters before news of the wiper was published, US Senate Intelligence Committee Chairman Mark Warner said the denial of service actions against Ukraine were still “far below what Russia could unleash.”
Ukraine has been hit by a drumbeat of digital attacks that Kiev and others have blamed on Russia since 2014 when Moscow annexed Crimea and backed a separatist insurgency in eastern Ukraine. The Kremlin denied any involvement.
(Reporting by Christopher Bing and Jonathan Landay in Washington; Maria Tsvetkova and Natalia Zenets in Kiev; James Pearson and Raphael Satter in London; Writing by Raphael Satter; Editing by Alex Richardson and Grant McCall)