Posted on February 22, 2022 at 5:44 PM
US and UK Officials Says Russia Is Responsible For The DDoS Attack On Ukraine
The United Kingdom has joined the United States to blame Russian intelligent agencies for last week’s distributed denial of service (DDoS) attacks against Ukraine.
The attack targeted PrivatBank, the largest commercial bank in Ukraine, as well as the Ukrainian Ministry of Defense. It also affected Ukraine’s State Savings Bank, Oschadbank.
Last week, the UK’s National Cyber Security Centre (NCSC) noted that the investigation from the attack revealed that Russia’s Main Intelligence Directorate (GRU) is to be blamed for the attacks on two Ukrainian banks. The security center stated that the attack is another confirmation of Russia’s aggressive actions against Ukraine.
NCSC Says The Attack By Russian Intelligence Is Unacceptable
NCSC also stated that the behavior by the Russian intelligence is unacceptable and must stop such activities and respect the sovereign authority of Ukraine.
“We are steadfast in our support for Ukraine in the face of Russian aggression,” the FCDO spokesperson added,” the body stated.
Anne Neuberger, deputy national security adviser, in a White House press briefing, also stated that the Russian government is to be blamed for the recent DDoS attacks on Ukrainian banks.
She said GRU infrastructure was discovered sending high volumes of communications to IP addresses that are based in Ukraine. These also include pre-positioning for invasion of Ukrainian top organizations
Neuberger stated that US agencies are working together to make sure that Ukrainian networks defend against such attacks. The agencies are helping Ukrainian organizations to respond and recover effectively from the DDoS attack the entire country has been made to pass through. They will also assist to strengthen the security and resilience of the cyber cryptal infrastructure to avoid the further negative impact of future attacks.
Part of the measures s the cooperation with partners and allies to respond and disrupt any malicious threat action from Russia or any other area.
This will include a partnership that will share intelligence on malicious cyber techniques to prepare the global community against further attacks.
Russia Says The Accusation is Baseless
Russia has responded to the allegation of its involvement in the DDoS attack. The Russian Embassy in the US described the accusation of Neuberger as “purely anti-Russian.”
The embassy rejected the statement and called it a “baseless” accusation” noting that Russia has no hand in the mentioned events. It also stated that Russia has never been a part of conducting any malicious operations in cyberspace.
The UK Also Supports Ukraine’s And U.S. Claims
While the Ukrainian authorities initially declined to attribute the attack to any actor, they later accused Russia after a series of investigations. The Ukrainian authorities also added that only one country was interested in engaging them and carrying out such attacks, considering the history of Russian-sponsored cyber attacks and the present geopolitical tension between both countries.
It wasn’t long before U.S. authorities also attributed the attack to Russian intelligence agencies. The British government also blamed Russia as Ukraine and Russia continue to deal with their political phase off.
“We are steadfast in our support for Ukraine in the face of Russian aggression,” the U.K. government stated.
The botnet’s C2 Node Is Located In The Netherlands
While last week’s attacks on Ukraine may have been planned by the Russian intelligence services, the analysis carried out by Netscout indicated that the attacks were within established norms when it comes to methods and size.
The attacks utilized standard DDoS-capable botnets to perpetrate the attacks. According to Nescout, the particular botnet used in the attack is typically a Mirai botnet, with a command and control (C2) node located in the Netherlands.
Organizations Have Been Asked To Bolster Their Security
There are still speculations that the attack on Ukrainian organizations may not be over. As a result, both UK and US agencies are advising organizations in Ukraine to bolster their security and stay vigilant regarding any further attacks on network infrastructures as the political issue between Russia and Ukraine goes on.
Following the attacks on Russian organizations, the National Cyber Security Center has urged UK organizations to beef up their security networks. Although the attacks seem to affect Russian-based organizations, there is a possibility of a spill-over impact on other regions.
Companies operating in Ukraine with headquarters in other regions may be drawn into the matter since they may share the same software among their global operational areas. As a result, the UK agency has warned organizations to tighten their security to avoid falling victim to supply chain attacks or other forms of attacks that may affect a company’s global network.
The US Department of Homeland Security also has the same advice for U.S. organizations having operational offices in Ukraine.