One year after the global NotPetya wiper malware incident that the U.S. and UK attributed to Russia, Moscow-sponsored hackers may be on the verge of launching another large-scale damaging cyberattack against Ukraine, according to a Tuesday Reuters report citing a Ukrainian law enforcement official.
In an interview with Reuters, cyber police chief Serhiy Demedyuk accused Russia of installing malicious backdoors on the systems of companies based in Ukraine, in preparation for a potential cyber offensive. Targets reportedly include banks and energy infrastructure firms. “Analysis of the malicious software that has already been identified and the targeting of attacks on Ukraine suggest that this is all being done for a specific day,” Demedyuk reportedly said.
Just last May, researchers at Cisco Systems' Talos threat intelligence unit blamed Russian actors for infecting millions of routers and Network Attached Storage devices with VPNFilter, a malware that can spy on network traffic, exfiltrate data, and potentially brick systems and cut victims off from the internet. The surreptitious campaign especially focused on Ukrainian targets.
Kremlin spokesperson Dmitry Peskov denied Demedyuk's accusations in a Wednesday response, the report states.
On June 27, 2017, the NotPetya worm, which at first appeared to be a variant of Petya ransomware but was actually destructive wiper malware, infected Ukrainian government agencies and businesses via a malicious software update. However, it also ended up infecting companies around the globe, including FedEx, Maersk, Merck and others.
Reuters further reports that since the start of 2018, Ukrainian police "have identified viruses in phishing emails sent from legitimate domains of state institutions whose systems were hacked and fake webpages mimicking that of a real state body."