According to experts, hackers of the Russian special services are involved in cyberattacks in Ukraine and the United States
KIEV – The National Cyber Security Coordination Center under the NSDC reports a high level of cyber threat in Ukraine due to a large-scale cyber attack on the servers of a number of federal agencies in the United States. This was stated on December 14 on the website of the National Security and Defense Council of Ukraine.
According to the NSDC, «the attack is very similar to the Ransom:Win32/Petya attack that took place in Ukraine in 2017».
«Almost all US government agencies were affected by the attack. The turning point occurred through the update server of the SolarWinds Orion Platform product management system (its versions 2019.4 – 2020.2.1 HF1). The attack is associated with the activities of the hacker group APT29 or Cozy Bear, which is partly accused of having links with the Russian foreign intelligence service», – the press service of the National Security and Defense Council noted in the message.
At the same time, experts from the National Cybersecurity Coordination Center emphasize that «SolarWinds products are not very common in use by government agencies in Ukraine, the risks for the defeat of Ukrainian government systems are not critical».
«However, the high activity of hacker groups that are associated with the Russian special services threatens those business entities that use this product, and therefore in Ukraine, which is in a state of hybrid war with the Russian Federation», – the message underlined.
Businesses using SolarWinds products are encouraged to check their networks for indicators of compromise.
National news agency «Ukrinform» recalls that over the past three months, the Center for Cybersecurity under the NSDC has recorded more than 22 million cyber incidents.
On December 12, the National Cyber Security Coordination Center warned of the growing threat to Ukrainian information systems due to cyber attacks on the American company FireEye.
As reported by the American media on December 14, several US government agencies have been victims of hacker attacks orchestrated by a foreign government. This was announced on Sunday by representatives of the American government.
Cybersecurity experts believe Russia may be behind attacks on the US Department of Commerce and the Treasury, and the press has described these attacks as the most sophisticated attacks on government systems in years.
The Russian Foreign Ministry denied these allegations, calling them “a groundless attempt by the American media to blame the cyberattacks on Russia”.
Past hacker attacks
Roman Burko, founder of the international volunteer community InformNapalm, notes on his Facebook page that over the past few years the press has repeatedly written about events related to the activities of the hacker group APT29 or Cozy Bear.
«In July 2020, Reuters, citing a statement from the UK’s National Cyber Security Center (NCSC), reported that Russian hackers were trying to steal research on vaccines and treatments for COVID-19 from academic and pharmaceutical institutions around the world. In a coordinated statement from the UK, the US and Canada, the hacker group APT29 is named as the attackers», – Roman Burko recalls.
He writes on Facebook that in June 2016 there were statements that an intrusion by Russian hackers from APT29 into the information systems of the National Committee of the Democratic Party of the United States had been detected.
«Russia continues to provoke the United States, I wonder what the subsequent response to these audacious actions in cyberspace will be?» – asks Roman Burko.
Cyberattacks are real
Taras Zagorodny, Managing Partner of the National Anti-Crisis Group, notes that after Russia introduced sanctions against the party «Servants of the people», the Kremlin is demonstrating a willingness to aggravate relations with Ukraine.
«A critical situation with water is now emerging in Crimea, and it is possible that Russia will pedalize this topic and use it in some way, including as various provocations against Ukraine», – Taras Zagorodny tells the correspondent of the Russian Service «Voices of America».
He notes that Russia is conducting cyber provocations, an attack on the critical infrastructure of Ukraine, «as part of a proxy and hybrid war on our territory without the use of a force component».
«These cyberattacks are real, Russia is not interested in the stability of the Ukrainian economy. For example, if the virus is in nuclear power plants, or can rock the banking system, this could lead to large-scale shocks in the country», – notes Taras Zagorodny.
The National Cyber Security Coordination Center under the National Security and Defense Council, he said, is actively countering Russian attacks.
«No cybersecurity concerns since 2014 – the best confirmation of this», – emphasizes Taras Zagorodny.
Reasons for hacker activity
Anatoly Oktisyuk, a political expert at the analytical center «House of Democracy», believes that there are several possible explanations for the surge in the activity of Russian hacker groups.
«With regard to Ukraine – this may be the reaction of Russia to the actions of the Ukrainian authorities on the Donbass issue, in connection with the sanctions against Ukrainian politicians and the water blockade of Crimea», – Anatoly Oktisyuk tells the correspondent of the Russian Service «Voices of America».
The international community's increased activity in preventing and fighting the coronavirus pandemic could also attract the attention of hacker groups, the political expert notes.
«It is likely, and this has already been written in the Western press, that the activity of hackers not only from Russia, but also from North Korea and China may be associated with the race for the vaccine. It is possible that special services from non-democratic countries are trying to find and steal scientific developments on a vaccine against coronavirus», – emphasizes Anatoly Oktisyuk.