The Ukrainian government said today that Russian hackers compromised a government file-sharing system as part of an attempt to disseminate malicious documents to other government agencies.
The target of the attack was the System of Electronic Interaction of Executive Bodies (SEI EB), a web-based portal used by Ukrainian government agencies to circulate documents between each other and public authorities.
In a statement published today, officials with Ukraine’s National Security and Defense Council said the purpose of the attack was “the mass contamination of information resources of public authorities.”
Ukrainian officials said the attackers uploaded documents on this portal that contained macro scripts. If users downloaded any of these documents and allowed the scripts to execute (usually by pressing the “Enable Editing” button inside Office apps), the macros would secretly download malware that would allow the hackers to take control of a victim’s computer.
Ukraine links the attacks to Russian cyberspies
“The methods and means of carrying out this cyberattack allow [us] to connect it with one of the hacker spy groups from the Russian Federation,” NSDC officials said.
Even though most state-sponsored hacker groups have been assigned names by the cyber-security industry, Ukrainian officials didn’t attribute the attack to a specific Russian activity cluster.
Officials did, however, publish indicators of compromise (IOCs) used in the attacks. They include:
- Domains: enterox.ru
- IP addresses: 220.127.116.11
- Hyperlink (URL): http://18.104.22.168/toddler.php
Today’s NSDC security alert is the second warning the agency has published this week. The agency also warned on Monday that Russian hackers launched DDoS attacks last week that targeted the websites of the Security Service of Ukraine, the National Security and Defense Council of Ukraine, and resources of other state institutions and strategic enterprises.