The head of Ukraine’s state cyber police has revealed hackers tried to access confidential data with sophisticated phishing attacks in tandem with the recent ransomware strike with BadRabbit.
The recent BadRabbit ransomware attack made headlines after hitting the likes of Russia and Ukraine. The latter, in particular, suffered flight delays at Odessa airport in the country’s south and disruption to electronic payments in the Kiev metro. According to cybersecurity police chief Serhiy Demedyuk, the ransomware attack masked a far more powerful attack that targeted financial and confidential information.
The official was speaking on the sidelines of the Reuters Cyber Security Summit in Kiev when he revealed authorities had “detected more powerful, quiet attacks that were aimed at obtaining financial and confidential information.”
Specifically, the attack was an increasingly common “hybrid attack”, according to Demedyuk.
“There is an open, let’s say instantly obvious attack, while underneath there is a hidden, fairly well-thought-out attack, to which nobody pays attention. The main theory we’re working on now is that they (the perpetrators of both attacks) were one and the same. The goal was to get remote and undetected access.”
About 15 companies reported that they had been compromised, and it is still unknown how many people or firms have been affected in total. Curiously, the attack targeted users of Russian-designed software called IC with phishing emails that purported to originate from the software developer. IC products include accounting software and are widely used in Ukraine.
Ukrainian authorities have also prevented at least five other major attacks on strategic infrastructure and financial institutions since June, according to Demedyuk. One of these attacks saw an attempt to transfer 10 million hryvnia (approx. $375,000) out of a company’s account, a criminal act that was blocked by the police. Now a frequent target of cyberattacks, Ukraine has been plagued by hacking attacks through backdoors installed by malicious hackers during the NotPetya cyberattack.