Ukraine Computers Hit By Data-Wiping Software
A newly discovered piece of destructive software found circulating in Ukraine has hit hundreds of computers, according to researchers at the cybersecurity firm ESET, part of what Ukrainian officials said was an intensifying wave of hacks aimed at the country.
The company said on Twitter that the data wiping program had been installed on hundreds of machines in the country, an attack it said had likely been in the works for the past couple of months.
Vikram Thakur of cybersecurity firm Symantec, which is also looking into the incident, told Reuters that infections had spread outside Ukraine.
“We see activity across Ukraine and Latvia,” Thakur said. A Symantec spokesperson later added Lithuania.
Who is responsible for the wiper is unclear, although suspicion immediately fell on Russia, which has repeatedly been accused of launching data-scrambling hacks against Ukraine and other countries. Russia has denied the allegations.
The victims in Ukraine included a government agency and a financial institution, according to three people who studied the malware since its release.
The new cyberattack required existing access to function, meaning those computer networks were already compromised, said Juan-Andres Guerrero-Saade, a cybersecurity researcher at digital security firm SentinelOne.
“In order to push this, they would have already needed domain admin. They basically owned the entire enterprise. The entire network. So, they didn’t have to do this. This was meant to damage, disable, signal and cause havoc,” said Guerrero-Saade.
Researchers found that the wiping software appeared to have been digitally signed with a certificate issued to an obscure Cypriot company called Hermetica Digital Ltd.