Ukrainian government authorities are warning of a “large-scale” cyberattack against local government agencies and private companies through the deployment of another booby-trapped software update, according to a cryptic press release published Thursday by the Secret Service of Ukraine (SBU).
“SBU notifies about the preparation of a new wave of large-scale attack against state institutions and private companies,” the release notes. “SBU experts received data that the attack can be conducted with the use of software updating, including public applied software. The mechanism of its realization will be similar to the cyber-attack of June 2017.”
The use of the word “realization” in the SBU’s statement has led some security researchers to believe the government is likely preparing, once again, for a destructive-style attack.
The SBU did not respond to a request for comment.
The ambiguous warning comes four months after a Russian hacking group, dubbed “Telebots” or “Sandworm Group” by security researchers, broke into a popular Ukrainian accounting software maker and used the company’s update servers to distribute destructive ransomware. For several weeks afterwards, whenever a user attempted to upgrade the software, they also downloaded hidden, malicious code.
On June 27, millions of hidden logic bombs exploded, causing a rapid outbreak of “NotPetya” ransomware.
Products made by this Ukrainian accounting software firm, known as M.E.Doc, continue to be used by the country’s public and private sector. In the June 27 incident, multinational corporations with business ties to Ukraine, which had also installed the software, were caught up in the blast and lost millions of dollars due to disrupted business operations. Those corporations included American organizations.
The M.E.Doc incident is far from the only case of a group targeting a supply chain weakness to penetrate valuable organizations. For example, hackers were similarly able to corrupt the update mechanism behind a popular file cleaning tool named CCleaner to deliver custom backdoor implants to targeted technology firms.
The attackers in that case, according to some security researchers, may have been hackers connected to the Chinese government.