Short News:-
The latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed: "strategic similarities" to NotPetya malware that was unleashed against the country's infrastructure and elsewhere in 2017.
The malware, dubbed WhisperGate, was discovered by Microsoft last week. It is fashioned as a multi-stage process that downloads a payload that wipes the master boot record (MBR), then downloads a malicious DLL file hosted on a Discord server, which drops and executes another wiper payload that destroys files by overwriting their content with fixed data on the infected hosts. Whispergate has some strategic similarities to the notorious NotPetya malware that attacked Ukrainian entities in 2017.
Detailed News:
Analysis of the wiper malware that hit dozens of Ukrainian government agencies earlier this month has found that it has "strategic similarities" to the NotPetya malware that hit the country's infrastructure and other places in 2017.
The malware, called WhisperGate, was found by Microsoft last week. Microsoft said it saw a cyber campaign targeting government, non-profit, and information technology organizations in the country, and it blamed it on a new threat cluster called "DEV-0586."
This is how the WhisperGate infection chain works: First, a payload that wipes the master boot record (MBR) is downloaded. This payload then downloads a malicious DLL file from a Discord server, which drops and runs another payload that permanently deletes files by overwriting their content with fixed data on the infected hosts.
The findings come a week after about 80 Ukrainian government websites were hacked, with the country's intelligence agencies confirming that the two attacks are part of a wave of malicious activities targeting its critical infrastructure. They also said that the attacks used Log4j flaws to get into some of the compromised systems.
Russia is using the country as a "cyberwar testing ground," Wired's Andy Greenberg said in a 2017 report on the cyberattacks that hit the country's power grid in late 2015 and caused unprecedented blackouts. This is because Russia is trying out new ways to fight online.
The systems in Ukraine face problems that may not be the same for systems in other parts of the world, Talos researchers said. Extra protections and precautionary measures need to be used. "It's very important to make sure that those systems are both patched and hardened to help the region avoid the threats it faces."
NotPetya, the notorious ransomware that hit Ukranian businesses in 2017, has some strategic similarities to WhisperGate, but it has more parts that can do more damage. "WhisperGate masquerades as ransomware and destroys the master boot record (MBR) instead of encrypting it," Cisco Talos said in a report on its response efforts.
The cybersecurity company said that stolen credentials were most likely used in the attack. It also said that the threat actor had access to some of the victim networks months before the infiltrations took place, which is a sign of a sophisticated APT attack.
Post a Comment
Your suggestions and comments are welcome