The latest cyber attacks on the Ukrainian government have created a buzz among cyber security experts and the citizens of the country.
On 14th January 2022, 70 Ukrainian government websites, including the official websites of the Ministry of Foreign Affairs, the Security and Defense Council, and the Cabinet of Ministers, were targeted in a threatening cyber attack, with hackers warning people to “be afraid and expect the worst.”
The following text appears on screens in Ukrainian, Russian, and Polish: “Ukrainian, please! Your entire personal information has been uploaded to the public network. All data on the computer has been destroyed and cannot be recovered.” The attackers briefly took down the public websites of several Ukrainian government agencies and defaced some sites with pro-Russian posts.
Aftermath of the attack
Following the cyber attacks, the Security Service of Ukraine issued a statement saying that personal data had not been hacked and that most of the affected government websites had been fully restored.
According to the Technical Security and Intelligence Service of Ukraine, there is a common thread between the individual government sites subjected to the cyber attacks. They were all assisted by a third-party company called Kitsoft, which built all of the agencies’ websites.
A judicial investigation is pending, and until it concludes it is not clear whether a compromise of the supplier Kitsoft was the root cause. The company’s chief executive said that it provides software that each agency manages independently and that the hacked government websites had not opted for continued support from the company.
During a brief conflict between Moscow and Tbilisi over South Ossetia in 2008, similar cyber tactics were used against Georgian government websites.
How did the attack happen?
Following the attack, malware was found on multiple computer systems in Ukraine. Within the next few days, Microsoft revealed that “destructive malware” had been found on computer systems belonging to Ukrainian agencies and companies, including IT organizations that work alongside the government of Ukraine.
A hacking group is believed to have exploited programs containing the Log4j2 security vulnerability, which remains unpatched on many computer systems and permits attackers to execute Java code to take control of targeted servers. The hacking group has been linked to Belarus, and it used multiple techniques to break into government computer systems, including hacking into a Ukrainian IT company to launch a “supply chain” attack against its government clients.
Distributed denial-of-service attacks were launched against an undisclosed number of state organizations, according to updates from the Ukrainian government. The attacks were observed using a series of highly visible attempts to deface government websites with provocative messages, in an effort to distract from more serious attempts to manually plant malicious “wiper” malware on government IT systems. The “wiper” malware, first detected on 13 January 2020, acts like ransomware but is actually made to destroy data on infected computer systems without giving the victims a chance to recover the data in return for a ransom payment.