Ukraine has once again accused Russian intelligence services of launching cyberattacks against one of its government organizations. Ukrainian security service SBU announced that its employees blocked an attempt by Russian special services to breach information and telecommunications systems used by the country’s judiciary.
According to the SBU, the attack started with a malicious email purporting to deliver accounting documents. The documents hid a piece of malware that could have been used to disrupt judicial information systems and steal data.
Read more about the cyberattack attributed to Russia on SecurityWeek.
A cyber espionage campaign is targeting the Ukrainian government with custom-built malware that creates a backdoor into systems to steal data — including login credentials and audio recordings of surroundings.
The remote access trojan is called Vermin and is delivered alongside two other strains of malware — Sobaken RAT and Quasar RAT — the latter of which is an open source form of malware freely available online. The three forms of malware have attacked hundreds of different victims in Ukraine, but appear to share infrastructure and connect to the same command and control servers.
The Ukrainian Secret Service (SBU) said today it stopped a cyber-attack with the VPNFilter malware on a chlorine distillation plant in the village of Aulska, in the Dnipropetrovsk region.
“The continuation of the cyberattack could have led to a breakdown of technological processes and possible crash,” the SBU said today in a press release in which it accused Russia of operating the malware and launching the attack. The SBU announcement included no other technical details about how the cyber-attack unfolded.
Malware capable of causing power outages of up to a few days by ordering industrial computers to shut down electricity transmission has been discovered in portions of European grids, according to Slovakian security software maker ESET and U.S. critical-infrastructure security firm Dragos. The malware sample, referred to as Crash Override or Industroyer, has been linked to Russian government-associated hackers and was likely used in the December 2016 Ukraine power cyber attack; it could be leveraged against the U.S. with modifications.