Malware Discovered on Ukrainian Devices as Banks Suffer Cyberattacks

As the war between Russia and Ukraine escalates, Ukraine’s banks and government agencies were struck by disruptive cyberattacks for the second time in two weeks.

Last week, several banks and government agencies were hit by distributed denial-of-service (DDoS) attacks, which disrupted their websites’ security and functionality.

Now, a similar set of attacks occurred on Wednesday, with Mykhailo Fedorov, Ukraine’s Minister of Digital Transformation, saying that DDoS attacks had struck the websites of several of the nation’s government agencies, including its Foreign Ministry and Security Service, as well as those of several large banks.

Meanwhile, researchers with cybersecurity firm ESET said that Ukraine had additionally been struck by a destructive “wiper” malware, comparable in kind to one used in an attack on Ukrainian government organizations in January.

The malware, which reportedly has been “installed on hundreds of machines in the country,” could be used to wipe data on the devices it has infected, ESET researchers tweeted.

It is worth mentioning that officials have long expected that cyberattacks would precede and accompany any Russian military incursion.

Analysts said the activity was consistent with Russia’s playbook of pairing cyber operations with real-world aggression.

ESET Research Labs said it detected a previously unseen piece of data-wiping malware on Wednesday on “hundreds of machines in the country.”

“With regards to whether the malware was successful in its wiping capability, we assume that this indeed was the case and affected machines were wiped,” said ESET research chief Jean-Ian Boutin. He did not specify the identity of the targets but said they were “large organizations.” ESET was unable to say who was responsible.

According to Symantec Threat Intelligence, three organizations were hit by the wiper malware: Ukrainian government contractors in Latvia and Lithuania, and a financial institution in Ukraine, said Vikram Thakur, its technical director. Latvia and Lithuania are both NATO members.

“The attackers have gone after these targets without much caring for where they may be physically located,” he said.

All three targets had “close affiliation with the government of Ukraine,” said Thakur, adding that Symantec believed the attacks were “highly targeted.” He said roughly 50 computers at the financial institution were impacted, some with data wiped.

Last but not least, U.S. Deputy National Security Advisor for Cyber Anne Neuberger told the press that they have information showing that “GRU infrastructure was seen transmitting high volumes of communication to Ukraine-based IP addresses and domains.”