Powered by MOMENTUM MEDIA
Pro-Russian hackers attempt to take down Ukrainian news agency

Hackers apparently attached to the Sandworm hacking group have tried to take the Ukrainian National News Agency, also known as Ukrinform, offline.

David Hollingworth
Thu, 19 Jan 2023

But while the attempt did succeed at disrupting some Ukrinform systems, it did not disrupt daily operations.

The attack was launched on 17 January, and the Computer Emergency Response Team of Ukraine (CERT-UA) was called in to investigate after the attack was announced on the Telegram channel CyberArmyofRussia_Reborn. Initial investigations revealed that attackers had successfully inserted the CaddyWiper malware.

“According to preliminary data, the CaddyWiper malicious program was launched centrally in order to violate the integrity and availability of information using Group Policy (GPO),” CERT-UA said in an announcement translated from Ukrainian into English.

“Taking into account the set of characteristic features, we assume that the cyber attack was carried out by the UAC-0082 (Sandworm) group, whose activities are associated with the Russian Federation.”

CERT-UA is assisting Ukrinform to get its affected systems back online.

Yurii Shchyhol, the head of Ukraine’s State Service of Special Communications and Information Protection (SSSCIP), was incensed by the attack.

“Russians have been trying to cut off Ukrainians from the information on the current situation and the course of the war since the early days of the full-scale invasion,” Shchyhol said in a separate announcement. “They have shut off Ukrainian TV, the internet and mobile communication in the territories, temporarily controlled by the enemy, and they have been striking TV and radio transmitting towers in multiple cities of Ukraine with their missiles. They have waged cyber attacks on Ukrainian media.

“The recent attack on Ukrinform is yet another attempt to wipe out the truth,” SSSCIP head Shchyhol pointed out.

CaddyWiper was first discovered in March 2022, when ESET revealed its discovery on Twitter. It is deployed via a default Group Policy Object (GPO), which, as ESET pointed out, suggests the hackers had previous access to the network. The malware is designed to erase user data but avoids wiping data on domain controllers, allowing operators to continue accessing affected systems.

It also seems to have been compiled and used on the very same day and does not seem to be related to any previously observed malware.

While hard numbers for cyber attacks, especially in recent months, are difficult to gauge, Ukraine was targeted by nearly 800 separate attacks in the year to June 2022.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
