Ukraine revealed Tuesday it had stopped a “massive” cyberattack against the country’s telecommunications network — and blamed the Kremlin for the attempted hack.
The Security Service of Ukraine, known as the SBU, said hackers tried to trick victims into downloading “counterfeit accounting documents infected with a virus,“ but did not say when the attack took place or how many systems were targeted.
“Employees of the Security Service of Ukraine blocked the attempt of Russian special services to conduct a large-scale cyberattack on the information and telecommunication systems of the judiciary of Ukraine,” the agency said in a statement.
The SBU said it traced the malware to command-and-control servers associated with Russian IP addresses.
The Kremlin has yet to comment on the allegations.
The attack is part of a familiar trend in Ukraine, which has been bombarded by Russian cyberattacks in recent years. Experts believe the Kremlin is using its neighbor as a testing ground for its cyberweapons, knowing there will be little retaliation from Kiev.
Ukraine suffered two destructive cyberattacks in 2015 and 2016 when hackers knocked out parts of the electrical grid, leaving hundreds of thousands of Ukrainians without power.
The 2017 NotPetya attack on Ukrainian financial companies spread around the world, causing billions of dollars in damage to thousands of companies including shipping giant Maersk and British advertising company WPP.
Earlier this year, the Trump administration joined the U.K., Ukraine and others in accusing Russia of carrying out the attack.
The latest hack comes amid heightened tensions in the region after Russia blocked three Ukrainian navy vessels from entering the Sea of Azov. Six crew members were injured in the ensuing standoff. The incident led to Ukraine declaring martial law.
“Ukraine and any other adjacent nations in a similar position need to be leery of attacks that soften, test, probe and seek to destabilize because destabilization is a heartbeat away from so-called police actions, nation-building, and adventurism,” Sam Curry, chief security officer at Cybereason, told VICE News in an email.
“The world needs to pay attention to Ukraine; it’s not a sideshow but is the main stage in Eastern Europe for the balance of world powers.”
The attack on Ukraine’s judicial system used highly tailored emails — known as spearphishing emails — in an attempt to trick victims into thinking the sender is someone they know or a member of their organization. This type of attack has become the primary delivery method for sophisticated malware.
“The attacks on Ukraine’s telecommunications systems highlight that attackers are once again relying on phishing as a means to target critical infrastructure,” Moreno Carullo, co-founder and CTO of Nozomi Networks, told VICE News.
“It is therefore extremely important that staff within critical infrastructure organizations are taught to recognize phishing emails and not to click on links or open attachments from unknown sources.”
Cover image: A silhouette of a man in a balaclava mask sitting at a laptop computer, with computer code in the background. (Sergei Konkov\TASS via Getty Images)