All Five Eyes Countries Formally Accuse Russia of Orchestrating NotPetya Attack

LASER_oneXM

All the countries part of the Five Eyes intelligence-sharing alliance — the US, the UK, Canada, Australia, and New Zealand — have made formal statements accusing the Russian Federation of orchestrating the NotPetya ransomware outbreak.

The UK was first to pin the attacks on Russia, earlier this week, when Foreign Office Minister Lord Ahmad said in a press release that an intelligence agency part of Russia's military had created and deployed the NotPetya ransomware in Ukraine, from where it accidentally spread worldwide.

The UK's statement caused a stir, but the country didn't stand alone for long, as the next day, February 15, the White House came out with a similar announcement.


The attack, dubbed “NotPetya,” quickly spread worldwide, causing billions of dollars in damage across Europe, Asia, and the Americas. It was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict. This was also a reckless and indiscriminate cyber-attack that will be met with international consequences.

All Five Eyes members follow suit
A day after that, on February 16, Canada's Communications Security Establishment, Australia's Minister for Law Enforcement and Cybersecurity, and New Zealand's Government Communications Security Bureau followed suit with similar press releases.

None pointed the finger at a specific Russian military unit but went on record to blame the Russian state for the incident as part of its silent war against Ukraine. A Washington Post article citing CIA sources published in mid-January pegged the Russian Military's Main Intelligence Directorate (abbreviated GRU) as the one department that created NotPetya.

Russia previously denied being behind the attack and did so again this week through its ambassadors in each of the Five Eyes countries.
 

Prorootect

Russian cyber attacks on Ukraine: the Georgia template
By Matthew Bell
Cyber attacks against Ukraine carry worrying echoes of Russia’s 2008 invasion of Georgia. Is this the new way to wage war?
channel4.com/news/: Russian cyber attacks on Ukraine: the Georgia template

Ukraine is in turmoil, being ripped apart by internal uprisings that appear to be supported by Russia as eastern towns steadily fall into the grip of separatists, writes Matthew Bell.
More regions seem poised to follow the path of Crimea, which seceded to Russian control in March following a spate of sophisticated and co-ordinated cyber attacks which crippled communications networks and overwhelmed government websites.
Ukraine’s critical infrastructure suffered a series of assaults before Crimea was annexed, which also played into the propaganda war waged in the country.

The mobile phone network and internet connections were severely hampered, government websites were overwhelmed with “denial of service” attacks, social networks were corrupted, and some of Ukraine’s phone and internet cables were cut by pro-Russian forces.
This was an ominous repeat of the cyber chaos wreaked in Georgia six years ago, before Russia rolled in with its tanks to claim one of over a dozen former Soviet states that became independent after the end of the cold war.
Pierluigi Paganini, cyber analyst at information security firm Bit4Id, told Channel 4 News that a comparison of the cyber attacks on Ukraine and Georgia shows “many analogies in the way Russian entities are trying to compromise critical infrastructure of targeted government”.
Russia eventually withdrew most of its troops from Georgia but kept thousands stationed in parts of the country, contravening the ceasefire drawn up with western powers, and possibly signaling an overarching strategy for the remainder of the former Soviet states.


State-on-state warfare

Russia’s ultimate military thinking on Ukraine remains a mystery, and there may be no need for Moscow to send in troops for a classic “boots on the ground” invasion if pro-Russians continue to destabilise the country from within and draw it ever closer to Moscow’s bosom.

The cyber attacks on Ukraine have been met by a powerful response from third party “hactivists”, or cyber mercenaries.
But seen in conjunction with the cyber salvos previously launched on Georgia, the attacks are a powerful sign of what modern “state-on-state” warfare may look like – and it is one that western powers may not be entirely prepared for.
For several years now the UK and its allies have been slashing equipment and troops, partly to fit their forces into far slimmer budgets, but also because they see far less of a threat from conventional types of warfare – and more cuts are coming.




As Britain’s national security strategy puts it, the UK is no longer dealing with a “clear and present” danger of conventional attack, facing “Soviet armies arrayed across half of Europe and the constant threat of nuclear confrontation between the superpowers”.
The focus has moved to new types of threat from states but also “non-state actors”: terrorism, unconventional attacks using chemical, nuclear or biological weapons, and yes – you guessed it – cyber attack.
The UK even became the first western power to officially reveal that it was developing cyber weapons, and is working with the US and its other “Five Eyes” intelligence partners – Australia, Canada and New Zealand – to improve cyber defences.
But the highly sensitive nature of the technology means there has been little collaboration on cyber weapons between the Five Eyes partners, partly because countries are unwilling to reveal exactly how much – or how little – they can do.




Vulnerable to attack

Does this mean the UK and its allies would be ill prepared for a full-on cyber war with a hostile state, one which might prepare the ground for a conventional attack?
It might seem like a fantastic prospect, but Russia sits alongside China as one of the world’s leading cyber powers. And while the prospect of large-scale war among states seems possibly more ludicrous, Britain’s military commanders are required to plan for the worst.
Andrew France, chief executive at cyber security firm Darktrace and a 30-year veteran of GCHQ, told Channel 4 News that the basic structure of the internet makes the UK and other modern countries painfully vulnerable to cyber attacks, and the security community “is struggling to keep up with the pace of technology”.




“The internet was never designed to be secure, and if you attach your critical national infrastructure to it, then you’re asking for trouble,” France said.
“The cost of entry for someone wishing to damage someone else on the internet is quite low. You can just download simple tools that can cause a lot of damage.”
According to Paganini, developing a cyber weapon as sophisticated as the devastating Stuxnet or Duqu viruses would previously have cost millions of dollars, but could now be devised for as little as $10,000.
This causes “serious concerns” for cyber security experts “because it is lowering the barrier to entry to the global cyber arms race”, he said.


‘Complex techniques’

One series of sophisticated cyber attacks on Ukraine bears all the hallmarks of Russian cyber hackers. In March, BAE released a report detailing a complex cyber espionage campaign called SNAKE that targeted Ukraine heavily in the early weeks of 2014.
SNAKE had been running for eight years, and comprised “complex techniques for evading host defences and providing the attackers covert communication channels”, BAE said.
The SNAKE campaign included a potent form of malware called Uroburos, which was able to take control of computers, shut down programmes, steal vast amounts of data and smuggle it out via the internet. It too appeared to have been authored by Russian cyber experts, although – as with all such attacks – it is nearly impossible to say for certain that the Russian state was behind it.
While Ukraine has certainly been the target of cyber attacks, according to internet intelligence firm Renesys it shares a great deal of its internet infrastructure with Russia. This means Moscow would have been very unwilling to launch a devastating attack upon Ukraine’s computer networks, in case of “blowback” into its own essential data systems.
For this reason, it remains unclear exactly what kind of cyber attack might be unleashed as a precursor to a renewed form of state-on-state warfare.
But a new template has emerged, encompassing powerful propaganda and real-life damage to essential national networks, that gives a disturbing vision of how future warfare may look.

-------------------------------------------------------------------

Ah uh, little neglect, sorry.. the article date is 3 May 2014.
 

Weebarra

You know, I read these things and I still never know who to believe. People say you can have a "gut feeling" and I have that with this story and I'm still not convinced by the claims that it was Russia and who knows, maybe the 5 eyes have colluded in a plot to blame Russia, call me a sceptic but that is how I personally feel.
 

upnorth

Quote : " All the countries part of the Five Eyes intelligence-sharing alliance — the US, the UK, Canada, Australia, and New Zealand— have made formal statements accusing the Russian Federation of orchestrating the NotPetya ransomware outbreak. "

 

Deleted member 65228

Dropping to the Windows folder is moronic enough as it is without then going to rely on rundll32.exe. It's just so moronic.

NotPetya can do some damage, but I really hope it isn't government material because if it is then that's just ridiculous.
 

509322

Dropping to the Windows folder is moronic enough as it is without then going to rely on rundll32.exe. It's just so moronic.

NotPetya can do some damage, but I really hope it isn't government material because if it is then that's just ridiculous.

Whoever wrote NotPetya wrote it to get the job done. And it worked.
 

cruelsister

The following is excerpted from the Double Secret "CyberWarfare for Dummies":

Country A wants to attack Country B

1). Determine what the primary Security protection of Country B is (it helps if you already know it is a product of Country A- we will term this Product A)
2). Country A, using the brain-trust of those working for Product A, creates a zero day file to bring down Command and Control Servers, Banking system, etc. of Country B
3). Ensure Product A will not detect it for a bit.
4). Include in the code something that seems to specifically target product A. We will do this for plausible deniability.
5). After the attack, release the malware code on the DarkWeb. This will allow non-involved actors to modify the file and release it to a broader array of victims (other Countries) in the hope that the original target will get lost in the noise (again, plausible deniability for Country A's tame Blackhats).
6). After the main purpose of attack is completed, have Product A magically detect it.
7). Be confident that outsiders are either too blind or stupid to realize what occurred.
 

Prorootect

Table of contents
of two first posts

*All the countries part of the Five Eyes intelligence-sharing alliance — the US, the UK, Canada, Australia, and New Zealand— have made formal statements accusing the Russian Federation of orchestrating the NotPetya ransomware outbreak.

*The attack, dubbed “NotPetya,” quickly spread worldwide, causing billions of dollars in damage across Europe, Asia, and the Americas. It was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict. This was also a reckless and indiscriminate cyber-attack that will be met with international consequences.

*None pointed the finger at a specific Russian military unit but went on record to blame the Russian state for the incident as part of its silent war against Ukraine.

*Russia ... denied being behind the attack...

*Ukraine's... regions seem poised to follow the path of Crimea, which seceded to Russian control... following a spate of sophisticated and co-ordinated cyber attacks which crippled communications networks and overwhelmed government websites.
Ukraine’s critical infrastructure suffered a series of assaults before Crimea was annexed...

*Pierluigi Paganini, cyber analyst at information security firm Bit4Id, told Channel 4 News that a comparison of the cyber attacks on Ukraine and Georgia shows “many analogies in the way Russian entities are trying to compromise critical infrastructure of targeted government”.

*...seen in conjunction with the cyber salvos previously launched on Georgia, the attacks are a powerful sign of what modern “state-on-state” warfare may look like...

*The focus has moved to new types of threat from states but also “non-state actors”:...and yes – you guessed it – cyber attack.

*The internet was never designed to be secure, and if you attach your critical national infrastructure to it, then you’re asking for trouble. Andrew France, Darktrace

*One series of sophisticated cyber attacks on Ukraine bears all the hallmarks of Russian cyber hackers...cyber espionage campaign called SNAKE that targeted Ukraine heavily ... had been running for eight years, and comprised “complex techniques for evading host defences and providing the attackers covert communication channels”, BAE said.

*Snake included... Uroburos, which was able to take control of computers, shut down programmes, steal vast amounts of data and smuggle it out via the internet. It too appeared to have been authored by Russian cyber experts, although – as with all such attacks – it is nearly impossible to say for certain that the Russian state was behind it.

*Ukraine...shares a great deal of its internet infrastructure with Russia.

2017 cyberattacks on Ukraine
From Wikipedia: 2017 cyberattacks on Ukraine - Wikipedia
 

ForgottenSeer 69673

If country A decides to attack country B, the USA has now let the other countries know, if the USA was led to believe it was country A, they give the option to use nukes as a retaliation. I don't know if they actually would or not but the option is out there now. The USA would probably sic Stormy Daniels on them anyway.
 

DeepWeb

Yes. Because we trust the Five Eyes and they are totally not in an alliance that is hoarding zero day exploits while demonizing others for doing the same...
 

Entreri

No doubt Russians have used malware against Ukraine, this particular one, who knows. Obviously the US has used and is using similar tactics against their enemies.

If professionals carried this out, they are not that competent, given how it spread.
 

DeepWeb

I can't believe that Russia did that. It's so badly written. Why would they do something that a 15 year old could do on a weekend? No way it was Russia. Maybe they contracted some freelancer on Tor.
 
