29 Dec 2017 14:52

SBU sees "Russian trail" in cyberattacks on Ukrainian infrastructure info systems

KYIV. Dec 29 (Interfax) - The Ukrainian Security Service (SBU) has established that cyberattacks staged on Ukraine's government and infrastructure information systems in the fall of 2017 originated from Russia, SBU head Vasyl Hrytsak said.

Multiple phishing e-mails containing malware intended to steal vulnerable information were sent to the e-mail addresses of the central offices of Ukrainian government agencies in the fall of 2017, Hrytsak said in an interview with Interfax.

"SBU officers have established that after the malware program was opened, a mechanism enabling total remote control over an infected computer was activated. In particular, we found out that after it was installed on computers, the client section of the DarkTrack malware connected to servers with Russian IP addresses. As a matter of fact... hackers could get an opportunity to covertly and remotely administer Ukrainian web-resources and obtain information from them," he said.

In addition to that, the SBU recorded cyberattacks organized by Russian special services using two kinds of a PSCrypt-type virus, he said.

Hackers sent files with malware intended to encrypt files of the information systems of crucial infrastructure facilities in Ukraine's regions, he said.

"After the application was launched, a malware file began downloading, encrypting data on a computer's drives and placing information on the home screen demanding that payment for decrypting data be transferred through anonymous online accounts. In most cases, these phishing e-mails arrived via Russian e-mail servers," he said.