Ukraine crisis: 'Wiper' discovered in latest cyber-attacks

By Joe Tidy
Cyber reporter

Image: Threatening message which appeared on Ukrainian government websites (source unknown). Caption: Ukraine websites were hit by a cyber-attack in January too, which was blamed on Russia.

Ukraine has been hit by more cyber-attacks, which its government says are "on a completely different level".

Earlier on Wednesday, the websites of several Ukrainian banks and government departments became inaccessible.

At the same time a new "wiper" attack, which destroys data on infected machines, was discovered being used against Ukrainian organisations.

The incident represents the third wave of attacks against Ukraine this year, and the most sophisticated to date.

The latest attack began on Wednesday afternoon when internet connectivity company NetBlocks tweeted about the outages, saying "the incident appears consistent with recent DDoS attacks".

Distributed denial of service (DDoS) attacks are designed to knock a website offline by flooding it with huge amounts of requests until it crashes.

'Outages continuing'

"Another mass DDoS attack on our state [has] begun," Ukraine's Digital Transformation Minister, Mykhailo Fedorov, wrote on Telegram.

NetBlocks data indicates the wave of DDoS attacks on Ukraine began on Wednesday afternoon, intensifying in severity over the course of the day.

A researcher told BBC News: "Ukraine's military and banking websites have seen a more rapid recovery, likely due to preparedness and increased capacity to implement mitigations."

Image (source: Getty Images). Caption: No official blame has been directed at Russia for the latest attacks.

Most websites were restored within a few hours.

Sophisticated wiper

On Wednesday night, cyber-security experts at ESET and Symantec said they had recorded a second form of attack on computer systems using a sophisticated "wiper" malware.

"ESET researchers have announced the discovery of a new data wiper malware used in Ukraine, which they have named HermeticWiper," a spokesman said.

"ESET telemetry shows that the malware was installed on hundreds of machines in the country."

The team says the malicious software showed a timestamp of creation for 28 December 2021, implying that the attack may have been planned since then.

More DDoS attacks

Last week, a similar attack took a smaller number of websites in the country offline.

And cyber authorities in the UK and the US swiftly blamed that attack on Russian hackers under direct orders from the Kremlin.

But Moscow denied being involved - and no official blame has been levelled at Russia for the latest attacks.

In January, the Ukrainian government accused Russia of being behind another DDoS wave, and a smaller, less sophisticated wave of "wiper" attacks.

Some websites affected were replaced with a warning to Ukrainians to "prepare for the worst".

Access to most of the sites was restored within hours.

Hybrid warfare

On Tuesday, the EU announced a cyber rapid-response team (CRRT) was being deployed across Europe, after a call for help from Ukraine.

It is not known if the team of experts from six volunteer countries is helping to defend against this latest attack.

DDoS attacks have been used in various campaigns as a part of Russia's so-called "hybrid warfare" tactics, combining cyber-attacks with traditional military activity.

DDoS attacks hit Georgia and Crimea during the incursions in 2008 and 2014 respectively.

The EU, UK and Ukraine blamed Russian government hackers for attacks on electricity substations that caused widespread power cuts in 2015 and 2016.

The US, UK and EU have also blamed Russia for the hugely disruptive NotPetya "wiper" attack, which started in Ukraine but spread globally, causing billions of dollars of damage to computer systems across Europe, Asia, and the Americas.

Moscow denies being behind the attack, calling such claims "Russophobic".