Following Russia's attack on Ukraine, the Kremlin's official website and several other major Russian government websites have gone offline. Currently, the websites to go offline include Kremlin (kremlin.ru), the official website of Russian President Vladimir Putin, the Russian Ministry of Defense, and the Russian Parliament's official website (aka the Duma). Although it is unclear whether these websites were taken down as a result of a cyberattack or a technical error.
This comes just one day after a suspected hack took out a number of Ukrainian government websites. Ukraine is on the radar of cybercriminals, according to two cybersecurity organisations with a strong presence in the country, ESET and Symantec Threat Intelligence, which have revealed that the country's computer networks are being targeted with devastating data-wiper malware.
According to an ESET assessment, the new data wiper malware has targeted hundreds of computer systems in Ukraine. In one example, it infiltrated the victim's device's Microsoft Active Directory server. The virus appears to have been created five hours before it was released into the world, implying that its code and operational infrastructure were likely already set up and ready to go.
According to ESET's analysis, the malware employed in the attack was HermeticaWiper, which is typically distributed via Windows group policies. This suggests that attackers may have gained complete control of their target's internal networks. According to the organisation, the malware corrupts data by exploiting genuine drivers from a disk management utility, EaseUS Partition Master software.
Furthermore, the Wiper binary is signed "using a code signing certificate issued to Hermetica Digital Ltd," according to ESET researchers. When the wiper is activated, it launches the EaseUS disk partition application and, if the data is corrupted, it reboots the machine.
However, Stairwell's security researcher Silas Cutler noted that HermeticaWiper may access both local data and the master boot record part of the hard drive, preventing the computer from booting into the operating system following the device's forced reboot. This is comparable to the WhisperGate malware.
Given the time-stamp data of one of the samples, this attack could have been in the works for two months. According to Symantec Threat Intelligence, the Wiper is followed by a distributed denial of service (DDoS) attack on a number of Ukrainian websites.
It should be noted that on February 16th, 2022, Ukrainian banks and government websites were also subjected to a series of DDoS attacks. The cyberattacks were blamed on Russia by the governments of the United Kingdom and the United States. The sites of Ukraine's Ministry of Foreign Affairs, Cabinet of Ministers, and Parliament were among those affected.
