Cyber weapon “HermeticWiper” attacks Ukrainian companies

Security researchers have discovered the use of the cyber weapon “HermeticWiper” in Ukraine, which could already have destroyed hundreds of computers.

San Francisco. Just hours before the start of the fighting in Ukraine, demands for digital ransom payments appeared on numerous computers in Ukraine. According to an analysis by the US security company Symantec, they were just a diversionary tactic to launch a large-scale cyber attack on organizations from the financial sector, aviation, the IT industry and the defense authorities. Websites in the EU states of Lithuania and Latvia are also affected.

The security researchers suspect that the demand for a ransom was intended to mislead the victims. While the employees in the organizations were still considering whether or not to pay the ransom, the cyber weapons destroyed the computer systems in the background. Hundreds of systems are affected.

The aim of the weapon is to destroy the so-called master boot record, a central part of a computer that is needed to start the device. The devices can then no longer be used.

The security expert Juan Andrés Guerrero-Saade from the US-Israeli company SentinelOne gave this cyber weapon the name “HermeticWiper” and, in his analysis, attested to its high level of technical detail.

In security circles, a high level of complexity is an indication that the cyber weapon was developed by government agencies. The structure is similar to cyber weapons from the APT33 hacker group, suspected to be in Iran, and the Lazarus hacker group, suspected to be in North Korea. According to security expert Guerrero-Saade, the aim of the attack is clear: “It was intended to cause damage, disruption and devastation.”

A team from the Czech security company Eset also recently registered hundreds of attacks with “HermeticWiper”. In their analysis, the Czechs assume that the attack had been prepared for at least two months.

The cyber weapon owes its name to a certificate used by the Cypriot computer games company Hermetica Digital. Behind the company is the 24-year-old developer Polis Trachonitis, who recently denied to the Reuters news agency that he was in any way connected to the attack. “I am Cypriot and have nothing to do with Russia,” Trachonitis explained.

A spokesman for the US security service provider Cloudflare, which is also used by many companies in Europe, told the Handelsblatt: “Cyber attacks on Ukrainian websites have increased slightly and have become more persistent.” In general, an increase in Internet use was registered, as many Ukrainians are currently using the Internet to search for news and information.

Cyber attacks paralyze government sites in Ukraine

In addition to the use of targeted cyber weapons, other attacks were registered on the Internet. The attacks are so-called Distributed Denial of Service attacks, or DDoS for short. Servers are bombarded with a barrage of pointless requests until they collapse.

“Around 4 p.m. (3 p.m. CET) another massive DDoS attack on our state began,” wrote Digital Minister Mykhailo Fedorov on the Telegram news channel on Wednesday. The parliament website, the government portal and the website of the Ministry of Foreign Affairs are affected by the overload caused by the large number of inquiries.

A similar attack disrupted a smaller number of websites in Ukraine last week. Cyber authorities in the UK and US immediately blamed Russian hackers for the attack. However, Moscow denied having been involved.

In January, the Ukrainian government had already accused Russia of being behind another wave of DDoS and a smaller, less sophisticated wave of wiper attacks. Access to most websites was restored within a few hours.

Beware of global escalation of cyber attacks

The attacks could quickly spread beyond Ukraine and neighboring countries. For example, the chip industry is heavily dependent on Ukraine, the White House in Washington recently warned. Analysis house Techcet estimates that over 90 percent of US shipments of semiconductor-grade neon come from Ukraine, while 35 percent of US palladium is sourced from Russia.

The US Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning about Russian cyberattacks on US networks, following previous CISA warnings about the risks of Russian cyberattacks on critical US infrastructure. The European Central Bank (ECB) has warned European financial institutions of the risk of Russian cyberattacks in the event of sanctions and related market disruptions.

“We have observed that threat groups attributed to the Russian government by U.S. government agencies have been conducting reconnaissance operations against U.S. industrial infrastructure, including key power and natural gas sites, in recent months,” Rob Lee, CEO of cybersecurity firm Dragos, told the US magazine “Harvard Business Review”.

Companies in Germany could also be affected, because Ukraine has a strong IT industry and many companies use Ukrainian service providers. According to the Ukrainian Ministry of Foreign Affairs, more than 100 of the world’s top 500 companies rely at least partially on IT services from Ukraine. Several Ukrainian IT companies are among the top 100 outsourcing options for IT services worldwide.
