Security Specialists Attribute Petya to State Actor

Two different security agencies from Europe recently reached a conclusion about Petya (also called NotPetya) that the ransomware, which spread widely through attacks, was used not for earning revenue instead certain nation-state utilized it for conducting cyber-attacks.

On 30th June, a team of 4 researchers from NATO's CCD COE (Cooperative Cyber Defense Centre of Excellence) stated that both NotPetya as well as the earlier WannaCry had great possibilities of being involved in some state actor's operation. And though the team didn't determine the attack's origin, another assessment by SBU (Security Bureau of Ukraine) condemned Russian Federation for it. Eweek.com posted this, July 3, 2017.

Earlier the Cyber Police Department of National Police of Ukraine through one social media indicated on June 27 that the alleged contaminations occurred because of one hijacked software update provided to end-users via MeDoc, a supplier of accounting software in Ukraine. MeDoc, however, dismissed the allegation, but Microsoft in its confirmation report stated there had been some infections due to malware getting supplied onto systems from MeDoc's software reviewing activity. When planted, the malware proliferated fast among the networked computers while getting enabled with the propagation functions within the network.

Kryptos Logic a security firm said that Petya contaminated networks via one hijacked update that MeDoc a tax software company of Ukraine supplied, and also via one hijacked website pertaining to certain Ukrainian city.

A report by Kaspersky about Petya shows a code utilized to peruse filenames resembled Petya and BlackEnergy, suggesting there were a few similarities in code design among the two malware families. However, according to the researchers, the suggestion reflected insufficient confidence. Petya as well disseminated intra-networks through EternalRomance, an exploit, and an administrative tool -PsExec along with Windows Management Instrumentation.

Ukrainian SBU reported about seizing equipment which it asserted was of Russian agents while cyber-attacks had been conducted using it against Ukraine.

At present, Ukraine is battling Russia-sponsored extremists inside Donbass area of its eastern boundary. Preceding it was the confiscation of Crimea out of Ukraine during March 2014 by its bigger neighbor, after one revolution in Ukraine when certain pro-Russian president had been impeached.

» SPAMfighter News - 7/6/2017