A level of cyber threats to Ukraine’s information systems has increased as the leading U.S. cybersecurity firm FireEye was attacked, the National Security and Defence Council of Ukraine (NSDC) reports with reference to the National Coordination Centre for Cybersecurity (NCCC).
FireEye’s red team tools, used to detect vulnerabilities in security systems of other companies and governments, were stolen as part of the powerful cyberattack.
The information about the attack was reported to the FBI and a number of the firm’s key partners. Indicators were also published to detect signs of the use of stolen tools.
“According to FireEye, the stolen tools range from simple scripts used for automating reconnaissance to entire frameworks that are similar to publicly available technologies such as CobaltStrike and Metasploit and do not contain zero-day exploits. They are usually used to actively check the security of networks and simulate cyber attacks during cyber exercises,” the National Security and Defence Council notes.
Experts explain that such tools can be used to interfere with networks and information systems and, under certain conditions, be used as cyber weapons.
“According to FireEye, the nature of attack indicates that intelligence services of the Russian Federation are most likely to be involved in it. Given the growing number of incidents recorded by the National Coordination Centre for Cybersecurity, this signals an increase in the level of cyber threats to Ukrainian information systems, especially before the New Year holidays and possible imposition of quarantine restrictions,” the National Security and Defence Council stated.
Specialists of the National Coordination Centre for Cybersecurity, together with key cybersecurity actors, are currently informing the government agencies and critical infrastructure facilities about the ways to detect and counter stolen FireEye tools.
To recap, the website of the National Police of Ukraine was hacked in late September and series of fake news appeared on it, in particular about the alleged accident at the Rivne Nuclear Power Plant and the death of US military personnel.
In August, the NCCC detected intensified activities of the Gamaredon hacking group, which is associated with the Russian special services. The Ministry of Foreign Affairs of Ukraine called on the world community to step up pressure on Russia over cybercrime.
Bohdan Marusyak