Ukraine: the Log4shell flaw exploited to “destabilize the country”


The context and scale of the cyberattack that has targeted Ukraine since January 14 are becoming clearer. According to Ukrainian intelligence and police, the hackers notably used the Log4shell flaw and a “supply chain attack”.

The threat is becoming clearer and concern is growing in Ukraine. In its statement published in the early evening of January 18, 2022, the Ukrainian government now speaks of a cyberattack that seeks to do as much damage as possible to the country's various infrastructures.

This wave of attacks began with the hacking of government sites on January 14, 2022, but Microsoft's discovery of data-destroying malware on January 15 quickly pointed to a larger attack.

The malware is used for purely offensive purposes, which is unusual, as the overwhelming majority of cyberattacks are carried out by hackers for commercial purposes. Dozens of targets have already been identified in Ukraine: branches of government, associations and tech companies.

The Log4shell flaw used by attackers

The SBU, the major Ukrainian intelligence agency (equivalent to the DGSI and the DGSE), links the two events in a statement released on Monday, January 17, 2022. The agency also details the vulnerabilities used in these cyberattacks.

Among these, the SBU points to the use of the Log4shell flaw. This vulnerability, discovered on December 10, 2021, affects Log4j, a popular library for the Java programming language. It is particularly serious because it offers hackers a wide range of attack possibilities. Its exploitation had already largely begun by the end of the year. The SBU also points to the use of a flaw in the October CMS content management system.

A “supply chain attack” to reach the government

Another modus operandi identified, which is also pointed out by the Ukrainian police, is a “supply chain attack”: a type of cyberattack that goes through a subcontractor to hit a multitude of targets. The subcontractor in this case is said to be Kitsoft, a Ukrainian software company that manages, among other things, several government sites.

In a Facebook post adorned with emojis, the company reacted on January 17, 2022 by acknowledging its responsibility in the attack: “Kitsoft’s infrastructure was also damaged during the cyberattack. What our specialists have identified as one of the means used by the attack to spread”.

“An attack that aims to sow panic”

“It’s not just a hack of websites, it’s an attack that aims to sow panic, fear, to destabilize [Ukraine],” continues Kitsoft. Ukrainian intelligence and police do not dare to attribute responsibility, but for the Ministry of Digital Transformation, it is Russia that is behind these attacks.

These suspicions are obviously fueled by the geopolitical tensions between Kiev and Moscow, the ongoing war in the Donbass since 2014 and the Russian troops amassed around the country for a year now, with the fear of a generalized military escalation. But above all, since 2015, and especially in 2017, Ukraine has been the repeated target of devastating cyberattacks against its infrastructure, which the country and its allies very officially attribute to Russia.
