Security News > 2021 > February > Ukraine Says Russian Cyberspies Targeted Gov Agencies in Supply Chain Attack

The agency said it had linked the attack to "One of the hacker spy groups from the Russian Federation." The incident was described as a supply chain attack and compared to the NotPetya attack of 2017 and the recently disclosed SolarWinds incident.
Another press release, issued on Monday, said the NCCC had been seeing "Massive DDoS attacks" since February 18.
The attacks were aimed at websites related to the security and defense sectors, as well as other government organizations and "Strategic enterprises."
In addition to the DDoS attacks themselves, the attackers delivered malware to government web servers, ensnaring them in a botnet used to launch DDoS attacks against others.
While the agency did not say the Russian government was behind these attacks, it said the attacks originated from IP addresses associated with "Certain Russian traffic networks."
UPDATE 02.26.2021: The NSDC has confirmed that the supply chain attack has been linked to Gamaredon and it has shared more IoCs.
News URL
Related news
- Recent GitHub supply chain attack traced to leaked SpotBugs token (source)
- SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack (source)
- That massive GitHub supply chain attack? It all started with a stolen SpotBugs token (source)
- Russian hackers attack Western military mission using malicious drive (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- Ripple NPM supply chain attack hunts for private keys (source)
- Disney Slack attack wasn't Russian protesters, just a Cali dude with malware (source)
- Magento supply chain attack compromises hundreds of e-stores (source)