Next targets for hacker attacks in Ukraine

15 Jan 2022

The Ministryhack hacker attack on the servers of Ukrainian government organizations is part of a larger plan.

On the night of January 13-14, 2022, a powerful hacker attack targeted the resources of Ukrainian government agencies. The media published the first results of the investigation. Two different versions of the attack mechanism predominate:

  1. Exploiting a vulnerability in outdated versions of the October CMS content management system.
  2. A supply chain attack by hacking the infrastructure of Kitsoft company.

A combination of these two mechanisms is not excluded.

The attack took place just when the Ukrainian-Russian relations were straining even more, coinciding with the reports of mining of Ukrainian shopping malls, schools, etc. Probably, the attack is of a socio-psychological nature and is aimed at increasing social tension in Ukraine.

The damage has not yet been fully disclosed. Different government agencies give different data. It is likely that not only public websites were affected, but also the Diya application, as well as the database of Motor (Transport) Insurance Bureau of Ukraine. Also on January 14, there were reports of an attack on the Regional Gas Company, the website of Kyiv Mayor V. Klitschko, and a leak of confidential military data in Poland.

The nature of the attack suggests that this is a carefully planned event. Therefore, it is likely that new attacks will be carried out on Ukrainian resources in the near future. Let’s outline the likely directions of these future attacks in order to better prepare for them.

Ukrainian cybersecurity expert Vlad Styran analyzed the authors of the October CMS vulnerabilities and admits that Andrey Basarygin, Maxim Teplykh, Mikhail Khramenkov, Andrey Guzei, Alexander Kolesov, Alexander Sidukov were involved in the attack. Vlad also proposes paying attention to the protection of systems that can be attacked by the subsequent attacks: Contao, Concrete5, ExpressionEngine, Typo3, ModX.

Reuters predicts attacks on Ukraine’s critical infrastructure. Hacker intrusions into medical systems, energy companies and financial infrastructure are likely.

To prevent damage, obtain a high-quality investigation of incidents and minimize negative consequences, use our experience in protecting critical infrastructure, including industrial facilities, healthcare organizations and financial institutions.

Other news

16/08/2022
Our customer Favro has successfully gained ISO 27001 certification
06/08/2022
Successful pentest and code audit for an NFT company