Ukrainian authorities point finger of blame at Russia over NotPetya malware

Security Service of Ukraine claims to have seized equipment used to propagate WannaCry and NotPetya

Authorities in Ukraine have pointed the finger of blame for last week's NotPetya cyber attack at Russian security services.

The malware appears to have been launched via the compromised software update mechanism of a Ukrainian tax preparation application, called ME Doc. Subsequent infections - which were much lower than May's WannaCry ransomware outbreak - are believed to have been made as a result of the incorporation of two US National Security Agency (NSA), EternalBlue and EternalRomance, into the NotPetya malware.

The SBU has also put its weight behind suggestions made by some security experts that the ransomware portion of NotPetya was little more than a cover for file destruction. it also claims that the same groups that were behind the December 2016 attacks on Ukraine's infrastructure were also behind NotPetya.

"The available data, including that obtained in cooperation with international anti-virus software companies, give us reason to believe that the same hacking groups are involved in the attacks, which in December 2016 attacked the financial system, transport and energy facilities of Ukraine using TeleBots and BlackEnergy," the Security Service of Ukraine (SBU) claimed in a statement over the weekend.

It added: "This testifies to the involvement of the special services of Russian Federation in this attack."

In another statement, the Ukrainian SBU said that it had seized equipment that, it claimed, belonged to Russian agents and had been used to launch cyber attacks against the country.

"According to SBU research, the infection was planned and conducted in advance. It took place in several stages and started the day before [Ukraine's] Constitution Day [on 28 June]. The cyber attack gives the impression of the usual ransomware-type virus… In fact, the virus is a cover of large-scale attack, oriented against Ukraine," claimed the SBU in a statement issued on Saturday.

Ukraine is currently fighting insurgents backed by Russia in the Donbass region on its eastern borders. That had followed the seizure of the Crimea region from Ukraine by its larger neighbour in March 2014, following a revolution in Ukraine that had removed a pro-Russian president.

Is your organisation embroiled in digital transformation? Register now for our next IT Leaders Forum - "Digital Transformation: Solving the Conundrum of Business & IT Collaboration" - at The Brewery on Wednesday 5 July. Attendance is free but limited to qualifying IT leaders and senior IT professionals