SBU exposes the Russian origin of recent hacker attacks on governmental and infrastructural information systems
The SBU officers thwarted systematic attempts to intrude into the information systems of a number of state institutions and agencies, regional local government bodies, and state critical-infrastructure enterprises.
In particular, the SBU specialists prevented and blocked a large-scale cyber-attack on Ukrainian resources that made use of domestic mail servers. This autumn, phishing emails containing malicious software designed to steal sensitive information were distributed en masse to the official email addresses of central executive authorities.
The SBU officers established that once the malicious attachment was opened, its code began setting up a mechanism for full remote control of the affected computer. The SBU specialists found that the client part of the DarkTrack hacking software, after installation, connected to command-and-control (C&C) servers with Russian IP addresses. In fact, the Russian hackers, controlled by the Kremlin, were able to covertly and remotely administer Ukrainian web resources and retrieve information.
The SBU also documented cyber-attacks organized by the Russian intelligence services using two types of the 'PSCrypt' virus.
The SBU operatives found that the hackers, using social engineering methods, organized the mass distribution of phishing emails to the official email addresses of local authorities. The attached files contained malicious code designed to encrypt data on the information systems of regional critical infrastructure facilities.
The law enforcers established that opening the attached file triggered the download of a malicious file to the affected computer. Once installed, the software encrypted the disks and posted a message on the desktop demanding payment for decryption through anonymous electronic accounts. In most cases, these phishing emails came through Russian mail servers.
After establishing all the circumstances of the cyber-attack, the relevant SBU Department, through regional authorities, distributed clear recommendations to the employees responsible for cyber security in state entities, in order to prevent infection and encryption of information systems and to minimize threats to national security in the information sphere.
The immediate response ensured that these large-scale cyber-attacks were prevented, contained and neutralized.
The SBU, as the key national security structure, will continue to take all necessary measures to protect the critical information infrastructure of the state.