The National Security and Defense Council of Ukraine (NSDC) has linked Russian-backed hackers to attempts to breach state agencies after compromising the government’s document management system.
The System of Electronic Interaction of Executive Bodies (SEI EB) hacked in this attack is used by most public authorities to share documents, the country’s national security and defense agency explained.
“The NCCC at the NSDC of Ukraine warns of a cyberattack on the document management system of state bodies,” an advisory published earlier today says.
“The methods and means of carrying out this cyberattack allow to connect it with one of the hacker spy groups from the Russian Federation.”
The Russian-linked threat actors attempted to use the document sharing system “to disseminate malicious documents,” with the end goal of infecting systems belonging to Ukrainian public authorities.
Malicious documents uploaded to the SEI EB system by the attackers bundled macros designed to silently download and deploy a malware payload onto the targets’ computers.
Once it infected the systems, the malware would’ve allowed the threat actors to control the victims’ machines remotely.
“According to the scenario, the attack belongs to the so-called supply chain attacks,” the NSDC added.
“It is an attack in which attackers try to gain access to the target organization not directly, but through the vulnerabilities in the tools and services it uses.”
While the Ukrainian cybersecurity agency did not attribute this attack to a specific Russian APT group, it did provide indicators of compromise (IOCs) to allow security admins to detect and block future attacks using the same infrastructure.
On Monday, the NSDC also accused threat actors with Russian ties of launching DDoS attacks on Ukrainian government sites, including those of the Security Service of Ukraine and the National Security and Defense Council of Ukraine.
It is believed that Egregor threat actors launched the attacks in retaliation for the arrests of alleged Egregor ransomware operation members two weeks ago.
One day after the Security Service of Ukraine (SBU) published a press release on the Egregor arrests, the SBU’s website was hit by a DDoS attack and became inaccessible.