History
2023: Hacker attack with five viruses at the same time
On January 27, 2023, a massive hacker attack on the national news agency of Ukraine (Ukrinform) became known. According to the Ukrainian Computer Incident Response Service (CERT-UA), the attackers used five different malicious programs at the same time as part of the cyber attack:
- CaddyWiper (for Windows);
- ZeroWipe (Windows);
- Delete (Windows);
- Terrible shred (Linux);
We are talking about ransomware viruses. The attackers launched the CaddyWiper malware using Windows Group Policy (GPO), which shows that they had compromised the news agency's network in advance. As CERT-UA found out during the investigation, the attackers gained remote access to the Ukrinform network on December 7, 2022 and waited more than a month before releasing the mixture of malware.
According to CERT-UA, for the purpose of centralized distribution of malware, a Group Policy Object (GPO) was created, which, in turn, ensured the creation of appropriate scheduled tasks. It is noted that the final stage of the cyber attack was initiated on January 17, 2023, as a result of which part of the data storage systems was affected.
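When reviewing a domain after an incident of this kind, a defender can list the scheduled tasks that Group Policy would push out and single out those defined or changed inside the intrusion window. The following is an added example, not code from CERT-UA or the original article; it assumes the tasks are stored in the Group Policy Preferences `ScheduledTasks.xml` layout, and the sample XML, task names and paths are constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample of a Group Policy Preferences ScheduledTasks.xml
# (task names, timestamps, accounts and paths are made up for illustration).
SAMPLE_XML = r"""<ScheduledTasks clsid="{CC63F200-7309-4ba0-B154-A71CD118DBCC}">
  <TaskV2 name="Nightly-Backup" changed="2022-03-02 08:15:00">
    <Properties action="U" name="Nightly-Backup" runAs="CORP\svc-backup">
      <Task version="1.2"><Actions><Exec>
        <Command>C:\Tools\backup.cmd</Command>
      </Exec></Actions></Task>
    </Properties>
  </TaskV2>
  <ImmediateTaskV2 name="placeholder-task" changed="2023-01-17 09:30:00">
    <Properties action="C" name="placeholder-task" runAs="NT AUTHORITY\System">
      <Task version="1.2"><Actions><Exec>
        <Command>C:\Windows\Temp\placeholder.exe</Command>
        <Arguments>/quiet</Arguments>
      </Exec></Actions></Task>
    </Properties>
  </ImmediateTaskV2>
</ScheduledTasks>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop an XML namespace prefix, if present

def parse_gpp_tasks(xml_text):
    """Return one record per task item that a GPO's ScheduledTasks.xml defines."""
    records = []
    for item in ET.fromstring(xml_text):
        props = next((c for c in item if local(c.tag) == "Properties"), None)
        if props is None:
            continue
        execs = [e for e in props.iter() if local(e.tag) == "Exec"]
        changed = item.get("changed")
        records.append({
            "kind": local(item.tag),
            "name": item.get("name", ""),
            "changed": datetime.strptime(changed, "%Y-%m-%d %H:%M:%S") if changed else None,
            "run_as": props.get("runAs", ""),
            "actions": [{local(c.tag): (c.text or "").strip() for c in e} for e in execs],
        })
    return records

def changed_since(records, cutoff):
    """Tasks changed on or after cutoff; items with no timestamp are kept for review."""
    return [r for r in records if r["changed"] is None or r["changed"] >= cutoff]
```

Run `parse_gpp_tasks` over each `ScheduledTasks.xml` copied from the domain's SYSVOL policies and pass `changed_since` the earliest known access date, here December 7, 2022 as reported on this page.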
The State secure government line said that CERT-UA specialists were assisting in the restoration of Ukrinform's infrastructure and, as of January 2023, were continuing to investigate the incident. The department accused Russia of this cyber attack on Ukrinform. CERT-UA attributed the attack to the Sandworm group and linked it to the group's previous attack, which used a previously undocumented Sandworm data wiper written in Golang called SwiftSlicer.
According to the specialized portal Bleeping Computer, the Sandworm group is believed to be linked to the Main Intelligence Directorate (GRU) of the Russian General Staff. There is no confirmation of this.[1]