Russian Hackers Connected with Attacks that Target Ukrainian Government!

The National Security and Defense Council of Ukraine (NSDC) has linked Russian-backed hackers to an attempted data breach of state agencies that followed the infection of the government’s document management system.

What Exactly Happened?

The national security and defense agency explained that the System of Electronic Interaction of Executive Bodies (SEI EB), which public authorities use to share documents, was infected in this attack.

The NCCC at the NSDC of Ukraine also alerted the government to this cyberattack on the document management system of state bodies. The process and methods used in the attack are similar to those of a hacker spy group from the Russian Federation.

The Russian-linked attackers behind this attack deliberately introduced malicious documents into the document-sharing system; their main motive is to infect systems that belong to the Ukrainian public authorities.

The attackers uploaded several malicious documents to the SEI EB system. The documents bundled macros designed to download a malware payload onto the victim’s system. Once a system is infected, the malware assists the attacker by establishing a remote connection.

The NSDC also said that, according to their pattern, the attacks belong to the category of supply chain attacks. In this kind of attack, the hacker tries to gain access to targeted organizations by using vulnerabilities present in the services and tools that they use.

On the other hand, the Ukrainian security agencies were not able to attribute this attack to a specific Russian APT group. They did provide indicators of compromise to help security administrators detect and block upcoming attacks that target the same infrastructure.

Why Are DDoS Attacks Associated with Russian Actors?

On 22nd February 2021, the NSDC also said that attackers tied to Russia launched DDoS attacks on the government of Ukraine, including the Security Service of Ukraine and the National Security and Defense Council of Ukraine.

The experts also said that 2 weeks ago Egregor threat actors initiated this attack in retaliation for the arrest of the responsible person from the Egregor ransomware operation team.

After some time, the Security Service of Ukraine (SBU) also published a press release that confirmed the Egregor arrest and disclosed that the SBU website was hit by a DDoS attack and became inaccessible for some time.
