Cyber security firm backs UK, US govts on Russian cyber attacks claims.
Cyber security firm FireEye has said it found links between a Russian-based hacking group, Sandworm Team, and the Petya ransomware attack that crippled IT systems globally last year.
Evidence analysed by the FireEye iSIGHT Intelligence team,
including details of a Sandworm Team ransomware campaign in March 2017 and
technical data from an M.E.Doc update server, suggests a link between the Petya
ransomware campaign and Sandworm Team, FireEye said in a statement.
Last week, the US and Britain directly accused the
Russian military of being behind a cyber-attack on Ukraine that spread
globally last year. In the NotPetya attack, businesses with strong trade links
with Ukraine, such as the UK's Reckitt Benckiser, Dutch delivery firm TNT and
Danish shipping giant Maersk, were affected. The attack is estimated to have cost
companies more than $1.2bn.
Petya and NotPetya are two related pieces of malware that
affected thousands of computers worldwide in 2017. Both Petya and NotPetya aim
to encrypt the hard drive of infected computers; while Petya is a standard
piece of ransomware used to extract bitcoin payments from victims, NotPetya is
widely believed to be a state-sponsored Russian cyberattack masquerading as
ransomware. M.E.Doc is an accounting software maker implicated in spreading NotPetya.
John Hultquist, director of intelligence analysis at FireEye,
said the Russia-nexus cyber espionage group Sandworm Team has used malware
several times against Ukrainian entities since the fall of 2015. The earliest
variations simply wiped the victims' machines; however, in 2017 a ransomware
component was introduced. "These prior attacks share features, including
distribution through a compromised software provider and a wiper masquerading
as ransomware, with the June 2017 Petya attack, supporting a link between
Sandworm and Petya," Hultquist added.
Sandworm Team is best known for causing two blackouts in
Ukraine, and while their attention is often focused there, they have targeted
systems in the West as well, Hultquist said. Previously, Sandworm Team was
found to have penetrated several US utilities, suggesting a preparation for
attack, he added.
Russia has dismissed the claims, terming them
"baseless". The government has pointed out that Russian businesses
were among those whose systems were affected. Ukraine has been locked in armed conflict
with Russian-backed separatists since Moscow annexed Crimea in 2014.
UK Defence Secretary Gavin Williamson warned that the West
had "entered a new era of warfare, witnessing a destructive and deadly mix
of conventional military might and malicious cyber attacks".
[c] 2018 ITP Business Publishing Ltd. All Rights Reserved. Provided by SyndiGate Media Inc. ( Syndigate.info ).
Date: Feb 19, 2018