Russian military was behind 'NotPetya' cyberattack in Ukraine, CIA concludes
A laptop displays a message after it was infected with ransomware resembling the 'NotPetya' attack last year. (Rob Engelaar/European Pressphoto Agency)
January 12 at 6:46 PM
The CIA has attributed to Russian military hackers a cyberattack that crippled computers in Ukraine last year, an effort to disrupt that country's financial system amid its ongoing war with separatists loyal to the Kremlin.
The June 2017 attack, delivered through a mock ransomware virus dubbed NotPetya, wiped data from the computers of banks, energy firms, senior government officials and an airport.
The GRU military spy agency created NotPetya, the CIA concluded with "high confidence" in November, according to classified reports cited by U.S. intelligence officials.
The CIA declined to comment.
Ukraine has been a significant target of GRU cyberattacks coinciding with Russia's annexation of Crimea and aggression elsewhere. The NotPetya assault was launched on Ukraine's Constitution Day, a public holiday.
The virus also affected computer systems in Denmark, India and the United States, but more than half of those victimized were in Ukraine.
The attacks reflect Russia's mounting aggression in cyberspace as part of a larger "hybrid warfare" doctrine that marries traditional military means with cyber-tools to achieve its goal of regional dominance. "It's a pattern of more bold, aggressive action," said Robert Hannigan, former head of Britain's GCHQ intelligence agency.
The hackers used what is known as a "watering hole" attack. They infected a website to which they knew their targets would navigate - in this case, a Ukrainian site that delivered updates for tax and accounting software programs.
It's a tactic that Russian government hackers also have used to compromise industrial control system networks. The goal here was "the disruption of Ukraine's financial system," said Jake Williams, founder of the cybersecurity firm Rendition Infosec.
In a twist, the attackers used malware that appeared to be ransomware, a technique that encrypts victims' data and decrypts it only if a ransom is paid, to make it appear as though criminal hackers or some group other than a nation state were the culprits.
They deployed NotPetya a month after a different worm, WannaCry, infected computers with ransomware in 150 countries. The U.S. National Security Agency linked that virus to the North Korean government, The Washington Post reported last year.
"For many days, people were classifying NotPetya as an actual ransomware," said Matt Suiche, founder of Comae Technologies, a cybersecurity firm. "It took a few days for people to understand what it was doing" - that it was permanently wiping data, he said.
The hackers worked for the military spy service's GTsST, or Main Center for Special Technology, the CIA reported. That unit is highly involved in the GRU's cyberattack program, including the enabling of influence operations.