Ukraine has reported a cyberattack on its government document management system, and a Russia-linked APT group is believed to be responsible.
The target of the attack was the System of Electronic Interaction of Executive Bodies (SEI EB), which Ukrainian government agencies use to share documents.
According to Ukrainian officials, the hackers aimed at spreading malicious documents to government agencies.
Ukraine’s National Security and Defense Council (NSDC) stated that the purpose of the attack was the mass contamination of information resources of public authorities.
The Ukrainian authorities stated that the threat actors uploaded weaponized documents to the document management system. When users who downloaded the files enabled the macros in a document, the macros would download and execute malware that allowed the attacker to take control of the victim's computer.
The malicious documents contained a macro that, when the files were opened, secretly downloaded a program for remotely controlling the computer. The attack would allow the system to be connected with one of the hacker spy groups from the Russian Federation.
The attack is considered a supply chain attack, in which the attackers try to gain access to the target organization not directly but through vulnerabilities in the tools and services it uses.
It was the methods and means of carrying out this cyberattack that let the officials connect it with one of the hacker spy groups from the Russian Federation.
However, the NSDC did not attribute the attack to a specific Russia-linked cyberespionage group. It also provided indicators of compromise (IOCs) related to this attack.
This is the second security alert the NSDC has released this week. On Monday the agency also warned that Russian hackers launched DDoS attacks last week that targeted the websites of the Security Service of Ukraine, the National Security and Defense Council of Ukraine, and resources of other state institutions and strategic enterprises.