Russian Malware Disrupted Ukrainian Organizations Before Invasion 

russia hybrid war

 Based on an alert posted by CISA on February 26, Russian-backed threat actors targeted a host of significant Ukrainian organizations, aiming to destabilize the country’s digital infrastructure before starting the invasion. 

 On February 15, a little over a week before the first set of Russian troops entered Ukraine, the Microsoft Threat Intelligence Center (MTIC) reported that several Ukrainian organizations were attacked by WhisperGate – a destructive malware intended to make infected devices inoperable. 

 A day before the invasion, independent researchers also noted the use of malware called HermeticWhisper, targeting Windows devices and resulting in boot failure. 

 By targeting these organizations, Russia’s cyber force was attempting to destabilize critical Ukrainian entities’ operations and data sharing. 

 The hackers targeted government sites and large Ukrainian banks, temporarily affecting the online banking system.  

 The cybersecurity community fears that these attacks will spill over crucial organizations in other countries, as Russia has faced worldwide condemnation for its attack on a peaceful, sovereign nation. 

 When it comes to Ukraine, these cyber-attacks by Russia are nothing new, but they seem to have escalated over the past year.  

 Any Ukraine-based company for the next 6 months can get entirely free access to SecurityScorecard’s enterprise license to protect themselves from malware resilience in light of ongoing cyber-attacks. We are also providing them with free access to SecurityScorecard forensics remediation team to deal with ransomware issues or to recover from any outage. Simply email Ukraine@securityscorecard.io 

  Our Threat Research & Intelligence team has been analyzing the scope, impact, and attribution of cyber-attacks involving both Russia and Ukraine. We are partnering with U.S. authorities to further aid their efforts. 

 References: