DDoS attacks aimed at Ukraine as invasion begins

As explosions are heard near the Ukrainian capital of Kyiv following an invasion by Russia, in the digital space the European nation is being hit by a barrage of attacks as well.

The websites of the Ukrainian defence, foreign and interior ministries are either unreachable or slower than molasses according to reports by AP News.

The slowness is a result of what the publication describes as a “punishing wave of distributed denial of service attacks”. While nobody has taken responsiblity for the attack, Sophos pointed out before the invasion, Russia has a long history of using DDoS attacks to sow havoc.

This love of DDoS dates back as far as April 2007 when the Estonia government moved a statue commemorating the Soviet Union’s liberation of Estonia from the Nazis to a less prominent location. Shortly after this the Estonian government was the target of what Sophos calls “debilitating DDoS attacks” likely launched by pro-Russian Estonians.

A spokesperson for Cloudflare told AP News that DDoS attacks in the Ukraine had been sporadic until Wednesday this week.

A DDoS attack is not the only thing to worry about.

Researchers at ESET Research Labs have detected a data wiper that was use in the Ukraine. This malware has been installed on hundreds of machines in Ukraine according to ESET Research and time stamps suggest the attack may have been in the works for months.

Researchers at SentinelOne have dubbed the malware HermeticWiper.

“We started analyzing this new wiper malware, calling it ‘HermeticWiper’ in reference to the digital certificate used to sign the sample. The digital certificate is issued under the company name ‘Hermetica Digital Ltd’ and valid as of April 2021. At this time, we haven’t seen any legitimate files signed with this certificate. It’s possible that the attackers used a shell company or appropriated a defunct company to issue this digital certificate,” writes principal threat researcher at SentinelOne, Juan Andrés Guerro-Saade.

The malware doesn’t appear to be automatically activated like NotPetya but it is still a going concern.

Despite the harrowing nature of what is going on, it’s incredible to see the cybersecurity sector coming together to identify and fight a war that appears to be developing both on the ground and the digital space.



[Image – CC 0 Pixabay]


About Author


Related News