November 3, 2017

Hackers Target Ukraine with Phishing Campaign During BadRabbit Attack

The head of Ukraine’s state cyber police has revealed that hackers tried to access confidential data with sophisticated phishing attacks in tandem with the recent BadRabbit ransomware strike.

The recent BadRabbit ransomware attack made headlines after hitting the likes of Russia and Ukraine. The latter, in particular, suffered flight delays at Odessa airport in the country’s south and disruption to electronic payments in the Kiev metro. According to cybersecurity police chief Serhiy Demedyuk, the ransomware attack masked a far more powerful attack that targeted financial and confidential information.

The official was speaking on the sidelines of the Reuters Cyber Security Summit in Kiev when he revealed that authorities had “detected more powerful, quiet attacks that were aimed at obtaining financial and confidential information.”

Specifically, the attack was an increasingly common “hybrid attack”, according to Demedyuk.

He stated:

There is an open, let’s say instantly obvious attack, while underneath there is a hidden, fairly well-thought out attack, to which nobody pays attention. The main theory we’re working on now, is that they (the perpetrators of both attacks) were one and the same. The goal was to get remote and undetected access.

About 15 companies reported that they had been compromised, and it is still unknown how many people or firms have been affected in total. Curiously, the attack targeted users of Russian-designed software called IC with phishing emails that purported to originate from the software developer. IC products include accounting software and are widely used in Ukraine.

Further, Ukrainian authorities have prevented at least five other major attacks on strategic infrastructure and financial institutions since June, according to Demedyuk. One of these attacks saw an attempt to transfer 10 million hryvnia (approx. $375,000) out of a company’s account, a criminal act that was blocked by the police. Now a frequent target of cyberattacks, Ukraine has been plagued by hacking attacks through backdoors installed by malicious hackers during the NotPetya cyberattack.

About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
