Boston (AP) – The websites of Ukraine's Ministries of Defense, Foreign Affairs and Internal Affairs were inaccessible or painfully slow to load on Thursday morning after a punitive wave of distributed denial-of-service attacks, as Russia struck its neighbor and explosions shook the capital, Kiev, and other major cities.
In addition to DDoS attacks on Wednesday, cybersecurity researchers said unknown assailants infected hundreds of computers with destructive malware, some in neighboring Latvia and Lithuania.
Asked whether the denial-of-service attacks were continuing on Thursday morning, Victor Zhora, a high-ranking Ukrainian cyber defense official, did not answer. “Are you serious?” he wrote in a text message. “There are ballistic missiles here.”
“It’s awful. We need peace to stop this. Immediately,” Zhora said of the offensive announced by Russian President Vladimir Putin at dawn.
Officials have long expected that cyberattacks would precede and accompany any Russian military invasion. The combination of DDoS attacks, which bombard websites with unnecessary traffic to make them inaccessible, and malware infections has evolved into a Russian repertoire of pairing cyber operations with real-world aggression.
ESET Research Laboratories said on Wednesday it had discovered a previously unseen piece of data-wiping malware on “hundreds of machines in the country.” It was not clear how many networks were affected.
“As for whether the malware was successfully erased, we believe it is true, and the affected machines have been cleaned,” said Jean-Ian Boutin, ESET’s head of research. He did not name the targets, but said they were “large organizations.”
ESET could not say who was responsible.
Symantec Threat Intelligence identified three organizations affected by the wiper malware: Ukrainian government contractors in Latvia and Lithuania and a financial institution in Ukraine, said its technical director, Vikram Thakur. Both countries are members of NATO.
“The attackers pursued these goals without caring about where they might be physically,” he said.
All three had “close ties to the Ukrainian government,” Thakur said, adding that Symantec believes the attacks were “very targeted.” He said about 50 computers at the financial organization were affected and some of the data was erased.
Asked about the wiper attack on Wednesday, Zhora did not comment.
Boutin said the malware's timestamp indicates it was created in late December.
“Russia probably planned this for several months, so it’s hard to say how many organizations or agencies were backdoored to prepare for these attacks,” said Chester Wisniewski, chief researcher at cybersecurity firm Sophos. He suggested that the Kremlin intends to use the malware to “send a message that they have compromised a significant amount of Ukrainian infrastructure, and these are just small pieces to show how widespread their penetration is.”
The report of the wiper follows a mid-January attack that Ukrainian officials blamed on Russia, in which the hacking of about 70 government websites was used to disguise an intrusion into government networks in which at least two servers were damaged by wiper malware disguised as ransomware.
Cyberattacks have been a key tool of Russian aggression in Ukraine since 2014, when the Kremlin annexed Crimea and hackers tried to disrupt the election. They were also used against Estonia in 2007 and Georgia in 2008. Their intention may be to sow panic, confuse and distract.
Distributed denial-of-service attacks are among the least impactful because they do not lead to network intrusions. Such attacks flood websites with unnecessary traffic so that they become inaccessible.
DDoS targets on Wednesday included the defense and foreign ministries, the Council of Ministers and Privatbank, the country’s largest commercial bank. Many of the same sites were knocked offline on February 13-14 by DDoS attacks, which the US and British governments quickly blamed on Russia’s GRU military intelligence agency.
Wednesday's DDoS attacks proved less effective than the earlier ones, with targeted sites soon reachable again, as emergency response staff blunted them. Zhora's office, Ukraine’s information protection agency, said the defenders had switched to another DDoS protection service provider.
Doug Madory, Director of Internet Analysis at Kentik Inc., a network management firm, recorded two attack waves, each lasting more than an hour.
A spokesman for California-based Cloudflare, which provides services to some of the targeted sites, said Wednesday that DDoS attacks in Ukraine have been sporadic so far and have risen over the past month, but are “relatively modest compared to the large DDoS attacks we’ve processed in the past.”
The West blames the Russian GRU for some of the most harmful cyberattacks of all time, including a pair in 2015 and 2016 that briefly shut down parts of Ukraine’s power grid, and the 2017 NotPetya “wiper” virus, which caused more than $10 billion in damage worldwide by infecting companies doing business in Ukraine with malware that was seeded through a tax software update.
Wiper malware detected in Ukraine this year has so far been activated manually, unlike a worm such as NotPetya, which can get out of control across borders.