Security News > 2021 > February > Ukraine Says Russian Cyberspies Targeted Gov Agencies in Supply Chain Attack
The agency said it had linked the attack to "One of the hacker spy groups from the Russian Federation." The incident was described as a supply chain attack and compared to the NotPetya attack of 2017 and the recently disclosed SolarWinds incident.
Another press release, issued on Monday, said the NCCC had been seeing "Massive DDoS attacks" since February 18.
The attacks were aimed at websites related to the security and defense sectors, as well as other government organizations and "Strategic enterprises."
In addition to the DDoS attacks themselves, the attackers delivered malware to government web servers, ensnaring them in a botnet used to launch DDoS attacks against others.
While the agency did not say the Russian government was behind these attacks, it said the attacks originated from IP addresses associated with "Certain Russian traffic networks."
UPDATE 02.26.2021: The NSDC has confirmed that the supply chain attack has been linked to Gamaredon and it has shared more IoCs.
News URL
Related news
- Revival Hijack supply-chain attack threatens 22,000 PyPI packages (source)
- Russian military hackers linked to critical infrastructure attacks (source)
- U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks (source)
- Australian Police conducted supply chain attack on criminal collaborationware (source)
- Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks (source)
- Israel’s Pager Attacks and Supply Chain Vulnerabilities (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)