Government

Massive supply chain cyberattack on the horizon in Ukraine, according to police

The attack may come through another booby-trapped software update, according to a cryptic press release published Thursday by the Secret Service of Ukraine.

By Chris Bing

October 13, 2017

(Flickr user eltpics)

Ukrainian government authorities are warning of a “large-scale” cyberattack against local government agencies and private companies through the deployment of another booby-trapped software update, according to a cryptic press release published Thursday by the Secret Service of Ukraine (SBU).

“SBU notifies about preparing of a new wave of large-scale attack against the state institutions and private companies,” the release notes. “The SBU experts received data that the attack can be conducted with the use of software updating, including public applied software. The mechanism of its realization will be similar to cyber-attack of June 2017.”

The use of the word “realization” in the SBU’s statement has led some security researchers to believe the government is likely preparing, once again, for a destructive-style attack.

The SBU did not respond to a request for comment.

The ambiguous warning comes four months after a Russian hacking group, dubbed “Telebots” or “Sandworm Group” by security researchers, broke into a popular Ukrainian accounting software maker to infect the company’s update servers with destructive ransomware. For several weeks afterwards, whenever a user attempted to upgrade their software they would also download hidden, malicious computer code.

On June 27, millions of hidden logic bombs exploded, causing a rapid outbreak of “NotPetya” ransomware.

Products made by this Ukrainian accounting software firm, known as M.E.Doc, continue to be used by the country’s public and private sector. In the June 27 incident, multinational corporations with business ties to Ukraine, who had similarly installed the software, were caught up in the blast and lost millions of dollars due to disrupted business operations. Those corporations included American organizations.

The M.E.Doc incident is far from the only case of a group targeting a supply chain weakness to penetrate valuable organizations. For example, hackers were similarly able to corrupt the update mechanism behind a popular file cleaning tool named CCleaner to dispense custom backdoor implants into targeted technology firms.

The attackers in this case, according to some security researchers, may have come from hackers connected to the Chinese government.

Massive supply chain cyberattack on the horizon in Ukraine, according to police

More Like This

FBI director warns of China’s preparations for disruptive infrastructure attacks

House passes bill to limit personal data purchases by law enforcement, intelligence agencies

Decade-old malware haunts Ukrainian police

Top Stories

Treasury official: Small financial institutions have ‘growth to do’ in using AI against threats

‘Large volume’ of data stolen from UN agency after ransomware attack

More Scoops

Supply chain cyberattack with possible links to North Korea could have thousands of victims globally

This firmware flaw was bad enough, but then researchers looked at the supply chain

ASUS issues patch, downplays scope of APT hack of its supply chain

Russian hackers found the ‘ultimate’ hacking tool buried in the supply chain of laptops

Trisis has the security world spooked, stumped and searching for answers

CCleaner attack was focused on stealing data from top level tech firms

Maersk may lose up to $300M due to NotPetya attack

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics