CERT-UA Prevents Service Disruption to Ukraine News Agency from Russian Threat Actor
Category: Russia & Ukraine | Industry: Media | Level: Strategic | Source: CERT-UA
A cyberattack from Russia against the National News Agency of Ukraine (Ukrinform) was thwarted through the intervention of the Computer Emergency Response Team of Ukraine (CERT-UA). CERT-UA's response prevented any disruption to Ukrinform's operations; however, the organization's infrastructure was damaged. In a response to the attack, Yurii Shchyhol, the head of the State Special Communications Service of Ukraine, stated, "Russians have been trying to cut off Ukrainians from the information on the current situation and the course of the war since the early days of the full-scale invasion. They have shut off Ukrainian TV, the Internet and mobile communication in the territories, temporarily controlled by the enemy. In addition, they have been striking TV and radio transmitting towers in multiple cities of Ukraine with their missiles. They have waged cyberattacks on Ukrainian media."
On further investigation, CERT-UA suspected that the attackers attempted to deploy the CaddyWiper malware using a Windows Group Policy Object (GPO). Users on the Russian Telegram channel "CyberArmyofRussia_Reborn" were found bragging about the attack; however, they made no mention of the attack stopping Ukrinform's operations and only characterized it as an "achievement." Other messages on the channel concern DDoS and defacement attacks. Based on initial findings, CERT-UA assesses that the Russian threat group Sandworm (UAC-0082) was involved in the attack.