Hackers behind Ukrainian blackout linked to crippling NotPetya attack

Clues have been uncovered connecting the same hacking group to separate cyberattacks waged against the Ukrainian energy and financial sectors in 2015 and 2017, respectively, security researchers said Thursday.

ESET, a Slovakian cybersecurity firm that made the connection, said that its researchers have found the first publicly presented evidence linking both widely reported attacks to the same sophisticated hacking group, all but confirming a previously rumored relationship.

Researchers analyzing a recently discovered strain of malware found similarities that led them to conclude that the hacking group that successfully compromised Ukraine’s power grid was also likely responsible for the crippling “NotPetya” ransomware attack that initially infected computers in the country’s financial sector prior to claiming victims in the U.S. and abroad, ESET reported.

Hackers used a malware toolkit called “Industroyer” to target the Ukrainian power grid starting in 2015, and researchers recently discovered an “improved” version while monitoring the activities of a group previously linked to the NotPetya attack, ESET said.

Detected by ESET in April, the improved version of Industroyer being used by the NotPetya attackers suggests the hacking group is still active and developing its operations, according to the firm.

“While the possibility of false flags — or a coincidental code sharing by another threat actor — should always be kept in mind when attempting attribution, in this case we consider it unlikely,” the company said.

ESET refrained from attributing the hacking group, dubbed “TeleBots,” to any particular government, though the Trump administration previously blamed Russia for the NotPetya attack, having accused Moscow in February of acting “reckless and indiscriminate.”

“It was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict,” White House press secretary Sarah Huckabee Sanders said previously.

Moscow previously called the attribution “unsubstantiated and groundless.”