The coordinated cyberattacks on Ukrainian government websites, as well as the deployment of data-wiper malware called WhisperGate on select government systems, are part of a larger wave of malicious activities aimed at the country’s critical infrastructure.
The Ukrainian Secret Service confirmed the two incidents on Monday, adding that the breaches also used recently disclosed Log4j vulnerabilities to gain access to some of the compromised systems.
The SSC reported that “The attack exploited vulnerabilities in the site’s content management systems (October CMS) and Log4j, as well as compromised accounts of development company employees.” This comes just days after Microsoft warned of a malware operation targeting Ukrainian government, non-profit and information technology entities, attributing the attacks to a threat cluster codenamed “DEV-0586.”
“On individual servers and user computers, the attackers corrupted MBR records (the service information on the media required to access the data). Furthermore, this applies to both Windows and Linux operating systems.”
The Ukrainian Cyber Police, for their part, stated that they are looking into a combination of three intrusion vectors that were most likely used to carry out the attacks.
Finally, the researchers concluded that “The current situation is about more than just hacking websites; it is an attack aimed at sowing panic and fear, destabilising the country.” While neither the Cyber Police nor the SSU attributed the defacements and destructive malware attacks to any threat group or state-sponsored actor, the Ukrainian Ministry of Digital Transformation accused Russia of waging a “hybrid war.”