November 3, 2017

Hackers Target Ukraine with Phishing Campaign During BadRabbit Attack

The head of Ukraine’s state cyber police has revealed that hackers tried to access confidential data through sophisticated phishing attacks carried out in tandem with the recent BadRabbit ransomware strike.

The recent BadRabbit ransomware attack made headlines after hitting the likes of Russia and Ukraine. The latter, in particular, suffered flight delays at Odessa airport in the country’s south and disruption to electronic payments in the Kiev metro. According to cybersecurity police chief Serhiy Demedyuk, the ransomware attack masked a far more powerful attack that targeted financial and confidential information.

The official was speaking on the sidelines of the Reuters Cyber Security Summit in Kiev, when he revealed authorities had “detected more powerful, quiet attacks that were aimed at obtaining financial and confidential information.”

Specifically, the attack was an increasingly common “hybrid attack”, according to Demedyuk.

He stated:

There is an open, let’s say instantly obvious attack, while underneath there is a hidden, fairly well-thought out attack, to which nobody pays attention. The main theory we’re working on now, is that they (the perpetrators of both attacks) were one and the same. The goal was to get remote and undetected access.

About 15 companies reported that they had been compromised, and it is still unknown how many people or firms have been affected in total. Curiously, the attack targeted users of Russian-designed software called IC with phishing emails that purported to originate from the software developer. IC products include accounting software and are widely used in Ukraine.

Further, Ukrainian authorities have also prevented at least five other major attacks on strategic infrastructure and financial institutions since June, according to Demedyuk. One of these attacks saw an attempt to transfer 10 million hryvnia (approx. $375,000) out of a company’s account, a criminal act that was blocked by the police. Now a frequent target of cyberattacks, Ukraine has been plagued by hacking attacks through backdoors installed by malicious hackers during the NotPetya cyberattack.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
