The Security Service of Ukraine traced the Russian origin of this fall's cyberattacks on Ukrainian government and infrastructural information systems.
In an interview with Interfax-Ukraine, the head of the SBU, Vasyl Hrytsak, recalled of a massive phishing newsletter that was sent in the fall of 2017 to official e-mail addresses of central executive bodies that contained malicious software.
"After the malicious program was opened, a mechanism for the complete remote management of the infected computer was implemented, in particular, we found out that after installation on computers the client part of the hacking software DarkTrack was connected to the server equipment with Russian IP addresses. In fact, Kremlin-controlled hackers obtained the opportunity to covertly and remotely administer Ukrainian Web resources and receive information from them," said Hrytsak.
In addition, the special services of the Russian Federation have attacked Ukraine with two varieties of PSCrypt-type ransomware with malicious software designed to encrypt information systems of regional critical infrastructure objects.
The malware encrypted the contents of hard disks and demanded to pay a ransom through anonymous e-mail accounts. In most cases these ransom emails came via Russian mail servers," he said.
On October 24, a number of Ukrainian enterprises, in particular the Odesa airport and the Kyiv subway, were attacked using a cryptographic virus.