Ukrainian officials announced on January 14th that multiple Ukrainian government websites had been affected by a cyber-attack. Researchers have since named the malware used in the attack WhisperGate. The researchers from Cisco Talos say the malware has several similarities to the NotPetya wiper and is believed to be designed to inflict additional damage. The Ukrainian cyber police said the attack led to the defacement of at least 70 websites. Cisco Talos believes stolen credentials were used as an entry vector for the attack. Microsoft published the following blog detailing the WhisperGate malware. https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
Analyst Notes
President Biden has warned Russia that continuing attacks will cause cyber intervention from the United States and NATO partners. The European Union announced that it will increase resources to assist Ukraine. In order to prevent attacks from malware like WhisperGate, organizations should enable multifactor authentication (MFA) and ensure that MFA is enforced for all remote connectivity, disable ports and access points that are not business-critical, and ensure that strong controls are implemented for cloud services to mitigate the risk of compromise.
https://www.zdnet.com/article/researchers-break-down-whispergate-wiper-malware-used-in-ukraine-website-defacement/
