As a new war begins, cyberattacks targeting government-related services are emerging as well. Several reports are now coming in from the cybersecurity community. They describe massive DDoS attacks and new malware that wipes data from storage.
Destroying the data unrecoverably
The new malware has a simple purpose: destroying the data on storage devices to make it unusable. The data becomes unrecoverable as well, so say goodbye to your data. Since these attacks target government services, the data they destroy is all the more important. According to reports from Symantec, the attacks target finance and government contractors in Ukraine, Latvia, and Lithuania.
We observed the first sample today around 14h52 UTC / 16h52 local time. The PE compilation timestamp of one of the samples is 2021-12-28, suggesting that the attack might have been in preparation for almost two months. 2/n
— ESET research (@ESETresearch) February 23, 2022
ESET also states that the malware can be detected as Win32/KillDisk.NCV. The malware was compiled at the end of December 2021, so the attacks appear to have been planned well in advance. The malware uses four embedded drivers that are signed by Chengdu Yiwo Tech Development Co. Ltd., the owner of the EaseUS data recovery software.
⚠️ Confirmed: #Ukraine's Ministry of Foreign Affairs, Ministry of Defense, Ministry of Internal Affairs, the Security Service of Ukraine and Cabinet of Ministers websites have just been impacted by network disruptions; the incident appears consistent with recent DDOS attacks 📉 pic.twitter.com/EVyy7mzZRr
— NetBlocks (@netblocks) February 23, 2022
On the other hand, the DDoS attacks are targeting multiple government websites, including the Ministry of Defense, Ministry of Internal Affairs, Cabinet of Ministers, and more. Cloudflare has stated that they noticed more DDoS activity than last week, but more than last month.