
The coordinated cyberattacks targeting Ukrainian government websites and the deployment of a data-wiper malware called WhisperGate on select government systems are part of a broader wave of malicious activities aimed at sabotaging critical infrastructure in the country.

The Secret Service of Ukraine on Monday confirmed that the two incidents are related, adding that the breaches also exploited the recently disclosed Log4j vulnerabilities to gain access to some of the compromised systems.

“The attack used vulnerabilities in the site’s content management systems (October CMS) and Log4j, as well as compromised accounts of employees of the development company,” the SSU said, corroborating a prior disclosure from the Ukraine CERT team.

The disclosure comes days after Microsoft warned of a malware operation aimed at government, non-profit, and information technology entities in Ukraine, attributing the attacks to a threat cluster codenamed “DEV-0586.”

“The attackers corrupted MBR records (the service information on the media required to access the data) on individual servers and user computers. Moreover, this applies to both operating systems running Windows and Linux.”

The Ukrainian Cyber Police, for its part, noted that it’s investigating a combination of three intrusion vectors that were likely used to pull off the attacks — a supply chain attack targeting an IT firm that manages websites for the Ukrainian government, exploitation of the flaw in October CMS, and Log4j vulnerabilities.
