19 February 2017

Ukraine charges Russia with new cyber attacks on infrastructure


By Natalia Zinets

Ukraine on Wednesday accused Russian hackers of targeting its power grid, financial system and other infrastructure with a new type of virus that attacks industrial processes, the latest in a series of cyber offensives against the country. 

Oleksandr Tkachuk, Ukraine's security service chief of staff, said at a press conference that the attacks were orchestrated by the Russian security service with help from private software firms and criminal hackers, and looked like they were designed by the same people who created malware known as "BlackEnergy." 

Russia's Federal Security Service (FSB) could not be reached for comment. Moscow has repeatedly denied accusations from Kiev that it has been waging a "cyber war" on Ukraine since relations between the two countries collapsed following Moscow's 2014 annexation of Crimea and the outbreak of Russian-backed separatist fighting in Ukraine's Donbass region. 

The allegations are the latest sign that Russia's behavior in conflict areas has not changed markedly since Donald Trump became U.S. president last month, calling for warmer relations between Washington and Moscow. 

The new attacks caused some of Ukraine’s cyber defenders to cancel plans to attend this week’s RSA cyber security conference in San Francisco, according to one Western expert familiar with the situation. 

If the allegations are confirmed, that could help Ukraine further its case for the United States to help coordinate a multi-national effort to counter the threat of Russian cyber warfare. 

"There is a global cyber war of Russia against (the) whole world," President Petro Poroshenko told Reuters in an interview in January at the World Economic Forum in Davos. 

Ukraine said Russia made 6,500 cyber attacks on it in November and December alone. Ukraine blamed hackers for knocking out part of Kiev's power grid in December, and for attacks on the defense and finance ministries and the State Treasury. 

Tkachuk said at Wednesday's press conference that malicious software used in the campaign was designed to attack specific industrial processes. As an example, he said that the code included modules that sought to harm equipment inside the electric grid. 

"Russian hackers and infobots become an important tool of the aggression against our country," Tkachuk said. 

He said the attacks employed a mechanism dubbed "Telebots" to infect computers that control infrastructure. 

Slovakian cyber-security firm ESET used the same name in December to identify the hacking group responsible for attacks on Ukraine's financial sector and energy industries. 

ESET said it believed that Telebots had evolved from BlackEnergy, a hacking group that attacked Ukraine's energy industry starting in December 2015. 

ESET researcher Cameron Camp said that the latest attack software sounded like a modest adaptation of an program his firm had published a report on in December. 

Both campaigns were carefully targeted, opened back doors, sent out certain types of files to unknown masters, and downloaded tools that can wipe out those files. 

Without directly attributing the attack to the Russians, Camp said "If it walks like a duck and talks like a duck, it's duck-like." 

Separately on Wednesday, cyber security firm CyberX said that it had uncovered a separate espionage operation in Ukraine that had compromised more than 60 victims. 

Victims of the malware included an energy ministry, a scientific research institute and a firm that designs remote monitoring systems for oil & gas pipelines, according to CyberX. 

CyberX Chief Technology Officer Nir Giller said he was not sure who was behind the operation, but suspected it was conducting reconnaissance for launching further attacks.

No comments: