Security News > 2021 > February > Ukraine Says Russian Cyberspies Targeted Gov Agencies in Supply Chain Attack
The agency said it had linked the attack to "One of the hacker spy groups from the Russian Federation." The incident was described as a supply chain attack and compared to the NotPetya attack of 2017 and the recently disclosed SolarWinds incident.
Another press release, issued on Monday, said the NCCC had been seeing "Massive DDoS attacks" since February 18.
The attacks were aimed at websites related to the security and defense sectors, as well as other government organizations and "Strategic enterprises."
In addition to the DDoS attacks themselves, the attackers delivered malware to government web servers, ensnaring them in a botnet used to launch DDoS attacks against others.
While the agency did not say the Russian government was behind these attacks, it said the attacks originated from IP addresses associated with "Certain Russian traffic networks."
UPDATE 02.26.2021: The NSDC has confirmed that the supply chain attack has been linked to Gamaredon and it has shared more IoCs.
News URL
Related news
- Russian military hackers deploy malicious Windows activators in Ukraine (source)
- BadPilot network hacking campaign fuels Russian SandWorm attacks (source)
- North Korea targets crypto developers via NPM supply chain attack (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access (source)
- GitHub supply chain attack spills secrets from 23,000 projects (source)
- Supply chain attack on popular GitHub Action exposes CI/CD secrets (source)
- Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos (source)
- GitHub Action hack likely led to another in cascading supply chain attack (source)
- GitHub Action supply chain attack exposed secrets in 218 repos (source)