Ukraine blames Russia for a new massive attack on its telecommunications network

• On December 4, 2018, Ukraine announced having fended off a cyberattack against its national telecommunications network, which it suspects to be the work of Kremlin-backed attackers.
• The Security Service of Ukraine (SBU) said that the attackers attempted to trick the targeted victims in downloading malware-infected counterfeit accounting documents.

Ukraine’s national telecommunications network was recently hit by hackers. On December 4, 2018, the Security Service of Ukraine (SBU) announced having fended off a massive cyberattack against its national telecommunications network. The SBU suspects that the attack is the work of Kremlin-backed attackers.

The SBU said that it had traced the ransomware’s command-and-control servers to those associated with the Russian IP address. However, details about when did the attack took place and how many systems were targeted, currently remain unknown.

The Russia - Ukraine cyberwar

The attack could part of the long and increasingly concerning cyberwar between Ukraine and Russia, which first began in the aftermath of Russia’s annexation of Crimea. Over the past few years, Ukraine has accused the Kremlin of launching multiple attacks against its government entities.

• Ukraine was affected by the two destructive attacks in 2015 and 2016, when attackers hacked parts of the nation’s electrical grid, leaving thousands of people without power.

• Ukraine’s financial companies were among those affected by the NotPetya ransomware in 2017. The attack targeted scores of organizations across the globe causing millions of dollars in damages. Earlier this year, the US government joined Ukraine in accusing Russia of carrying out the NotPetya attacks last year.

“Ukraine and any other adjacent nations in a similar position need to be leery of attacks that soften, test, probe and seek to destabilize because destabilization is a heartbeat away from so-called police actions, nation-building, and adventurism,” Sam Curry, the chief security officer at Cybereason told VICE News. “The world needs to pay attention to Ukraine; it’s not a sideshow but is the main stage in Eastern Europe for the balance of world powers.”

“The attacks on Ukraine’s telecommunications systems highlight that attackers are once again relying on phishing as a means to target critical infrastructure,” Moreno Carullo, co-founder and CTO of Nozomi Networks told VICE News.

The new attack on Ukraine’s critical infrastructure, like previous ones, was carried out via phishing emails that posed as coming from legitimate sources. This type of attack has become the primary delivery technique for malware.

It is, therefore, extremely important to educate the employees of critical infrastructure organizations to recognize phishing emails. Staffers must also be trained not to click on links or open attachments that are sent by unknown sources.