Ukraine Fingers Russians in Supply Chain Attack
February 25, 2021
The NCCC at the NSDC of Ukraine warns of a cyberattack on the
document management system of state bodies
The National Coordination Center for Cybersecurity under the
National Security and Defense Council of Ukraine has recorded
attempts to disseminate malicious documents through the System of
Electronic Interaction of Executive Bodies (SEI EB).
The purpose of the attack was the mass contamination of information
resources of public authorities, as this system is used for the
circulation of documents in most public authorities.
The malicious documents contained a macro that secretly downloaded a
program to remotely control a computer when opening the files. The
methods and means of carrying out this cyberattack allow to connect
it with one of the hacker spy groups from the Russian Federation.
According to the scenario, the attack belongs to the so-called
supply chain attacks. It is an attack in which attackers try to gain
access to the target organization not directly, but through the
vulnerabilities in the tools and services it uses.
The most notorious and large-scale attacks of this type were
NotPetya, aimed at damaging Ukrainian infrastructure in 2017, and
Solorigate - Russia’s cyber-espionage operation in 2020-2021, which
is currently being investigated in the United States. In these
cases, the malicious code was spread through distributed software
(MEDOC in Ukraine and Solarwinds products in the United States),
which was compromised by the attackers.
The main indicators of the attack
The NCCC emphasizes the need to:
regularly install security updates for the operating system and
workstation programs connected to the SEI EB system;
- apply strict code integrity policies that allow only authorized
programs to work;
- use anti-virus software or other solutions to protect workplaces
and monitor security events in them;
- replace passwords for access to the electronic document management
system with stronger ones;
- monitor attempts to guess passwords for online (web) electronic
document management systems;
- disable the execution of macros in Microsoft Office documents on
workstations connected to the SEI EB system.
of Use | Copyright
© 2002 - 2021
SM CORPORATION. All
rights reserved. |