Ukraine Says Russian Cyberspies Targeted Gov Agencies in Supply Chain Attack

The agency said it had linked the attack to "one of the hacker spy groups from the Russian Federation." The incident was described as a supply chain attack and compared to the NotPetya attack of 2017 and the recently disclosed SolarWinds incident.
Another press release, issued on Monday, said the NCCC had been seeing "massive DDoS attacks" since February 18.
The attacks were aimed at websites related to the security and defense sectors, as well as other government organizations and "strategic enterprises."
In addition to the DDoS attacks themselves, the attackers delivered malware to government web servers, ensnaring them in a botnet used to launch DDoS attacks against others.
While the agency did not say the Russian government was behind these attacks, it said the attacks originated from IP addresses associated with "certain Russian traffic networks."
UPDATE 02.26.2021: The NSDC has confirmed that the supply chain attack has been linked to Gamaredon and it has shared more IoCs.