Friday, February 25, 2022

#CYBERWAR
Cypriot IT company denies links to malware found before Russian invasion

by GCT


On February 23rd, the threat intelligence community began observing a new wiper malware sample circulating in Ukrainian organizations.

Our analysis shows that a signed driver is being used to deploy a wiper that targets Windows devices, manipulating the MBR and causing subsequent boot failure.

This blog includes the technical details of the wiper, dubbed HermeticWiper, and includes IOCs to allow organisations to stay protected from this attack.

This sample is actively being used against Ukrainian organizations, and this blog will be updated as more information becomes available.

A 24-year-old videogame designer who runs his small business out of a home next to an old Greek orthodox Cypriot church in a quiet suburb of Nicosia now finds himself involved in a global crisis following the Russian invasion of Ukraine.

Polis Trachonitis’ firm, Hermetica Digital Ltd, has been implicated by US researchers in a data-shredding cyber attack that hit hundreds of computers in Ukraine, Lithuania, and Latvia.

Discovered on Wednesday night just hours before Russian troops rolled into Ukraine, the cyber attack was widely seen as the opening salvo of Moscow’s invasion.

The malware had been signed using a digital certificate with Hermetica Digital’s name on it, according to the researchers, some of whom have started calling the malicious code “HermeticWiper” because of the connection.

Trachonitis told Reuters he had nothing to do with the attack. He said he never sought a digital certificate and had no idea one had been issued to his firm.

“I’m just a Cypriot guy ... I have no link to Russia.”

Ukraine calls on hackers to help cyber defence against Russia

Cybersecurity companies contacted by the Ukrainian government posted requests for volunteers on hacker forums to help defend essential infrastructure from Russian forces.


The government of Ukraine has been asking for volunteers from the country's hacker underground to help defend critical infrastructure and conduct cyber spying missions against Russian troops.

Requests for volunteers began to appear on hacker forums on Thursday morning, as Russian forces attacked cities across Ukraine and many residents fled the capital Kiev, according to two people involved in the project.

"Ukrainian cybercommunity! It's time to get involved in the cyber defence of our country," the post read, asking hackers and cybersecurity experts to submit an application via Google docs.

Yegor Aushev, the co-founder of a cybersecurity company in Kiev, told Reuters news agency that he wrote the post at the request of a senior Defense Ministry official who contacted him on Thursday.

The effort to build a cyber military force is coming late in the game, Aushev acknowledged.

Aushev said the volunteers would be divided into defensive and offensive cyber units.

The defensive unit would be employed to defend infrastructure such as power plants and water systems.

The offensive volunteer unit Aushev said he is organising would help Ukraine's military conduct digital espionage operations against invading Russian forces.


Cyber army


Reached late Thursday night in Ukraine, Aushev said he already had received hundreds of applicants and was going to begin vetting to ensure that none of them were Russian agents.

"We have an army inside our country," Aushev said.

Another person directly involved in the effort confirmed that the request came from the Defense Ministry, but ministry representatives did not respond to a request for comment.

On Wednesday, a newly discovered piece of destructive software was found circulating in Ukraine, hitting hundreds of computers, according to researchers at the cybersecurity firm ESET.

Suspicion fell on Russia, which has repeatedly been accused of hacks against Ukraine and other countries.

The victims included government agencies and a financial institution, Reuters previously reported.

Russia has denied the allegations.

In a 2015 cyberattack, widely attributed to Russian state hackers, 225,000 Ukrainians lost electricity.

 




