New reports from Ukrainian officials state that they have discovered a massive amount of malware on their systems. As usual, Ukraine is saying that Russia is behind the planting of this malware. The activity is reminiscent of what Ukraine saw in 2017 during the NotPetya attack. Russia has been seen laying the groundwork for what officials believe to be an attack on the financial and energy sectors. Ukraine has become one of the most attacked countries in recent years, with the majority of the attacks coming from Russia, which continually denies them.

The malware is being sent via phishing emails. The emails contain malware that has been broken up into smaller files in an attempt to make it less detectable. One person stated that on the surface these emails are nothing out of the ordinary, but when put together, the files make up a web of malware that can be utilized. Analysis of the malware led officials to believe that the attack is scheduled to be carried out on a specific day, but the date was not released.

News of the planted malware came days after Germany accused Russia of attacking its energy sector. That attack on Germany likely alerted Ukrainian officials to look into their networks for any trace of malware. Ukraine did not state whether it was able to remove the malware from its networks, and officials are still in the process of analyzing it. In the past, massive malware attacks that began in Ukraine have typically managed to spread across the world, as the NotPetya campaign did in 2017.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased