Dive Brief:
- Federal authorities and security researchers are warning U.S. organizations to prepare for attacks against critical infrastructure and related targets as military tensions ramp up over a potential Russian incursion into Ukraine.
- The Cybersecurity and Infrastructure Security Agency (CISA) is warning U.S. companies to take urgent measures to protect their IT systems and operational technology, after threat actors deployed destructive malware against public and private organizations in Ukraine. While the malware appears to be ransomware at first glance, it wipes all data contained on the master boot record, according to Microsoft. The malware has been found on systems at dozens of government, nonprofit and IT organizations in Ukraine.
- Crowdstrike released a separate analysis of WhisperGate, the malicious bootloader that was unleashed on Ukrainian government websites. The malware, whose master boot record component has similarities to the one used during the NotPetya attacks in 2017, fooled IT personnel by masquerading as the chkdsk disk-repair utility before launching a massive wave of attacks.
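The brief's central technical point is that the malware overwrites the master boot record rather than encrypting files. A defender triaging a disk image from an affected host can parse the first sector, check its boot signature and partition table, and compare a hash of the sector against a known-good baseline. The following Python is an added example written for this page; it is not code from the article, Microsoft or Crowdstrike, and the "good" and "overwritten" sectors it works on are constructed inline rather than captured from any real system.

```python
import hashlib
import struct

MBR_SIZE = 512
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_SIZE = 16
# status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
PARTITION_ENTRY_FMT = "<B3sB3sII"
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510-511 of a well-formed MBR


def build_sample_mbr() -> bytes:
    """Constructed sample sector (not captured from any real disk).

    A NOP-filled bootstrap area, one bootable NTFS-type (0x07) partition entry,
    three empty entries and the 0x55AA boot signature.
    """
    sector = bytearray(b"\x90" * PARTITION_TABLE_OFFSET)
    sector += struct.pack(PARTITION_ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07,
                          b"\xFE\xFF\xFF", 2048, 204800)
    sector += b"\x00" * (PARTITION_ENTRY_SIZE * 3)
    sector += BOOT_SIGNATURE
    return bytes(sector)


def simulate_overwritten_mbr() -> bytes:
    """Constructed: a first sector whose boot code, partition table and
    signature have all been replaced by filler, as a wiper would leave it."""
    return b"\xAA" * MBR_SIZE


def parse_mbr(image: bytes) -> dict:
    """Parse the first 512 bytes of a disk image.

    Returns whether the boot signature is present, the non-empty partition
    entries, and a SHA-256 of the sector for baseline comparison.
    """
    if len(image) < MBR_SIZE:
        raise ValueError("image shorter than one sector")
    sector = image[:MBR_SIZE]
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, _, ptype, _, lba_start, count = struct.unpack(
            PARTITION_ENTRY_FMT, sector[off:off + PARTITION_ENTRY_SIZE])
        if ptype != 0x00:  # type 0x00 marks an unused entry
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
        "sha256": hashlib.sha256(sector).hexdigest(),
    }


def triage_mbr(image: bytes, baseline_sha256: str) -> str:
    """Classify a first sector against a known-good baseline hash.

    'intact'      - byte-identical to the baseline
    'overwritten' - signature missing or no usable partition entries
    'modified'    - structurally plausible but differs from the baseline
    """
    info = parse_mbr(image)
    if info["sha256"] == baseline_sha256:
        return "intact"
    if not info["signature_ok"] or not info["partitions"]:
        return "overwritten"
    return "modified"


if __name__ == "__main__":
    good = build_sample_mbr()
    baseline = parse_mbr(good)["sha256"]
    print("baseline image:", triage_mbr(good, baseline))
    print("wiped image   :", triage_mbr(simulate_overwritten_mbr(), baseline))
```

In practice the baseline hash comes from a golden image or a pre-incident backup, and `image` is the first 512 bytes read from the forensic image (`open(path, "rb").read(512)`). The "modified" outcome is the interesting one for a bootloader-replacement case: the sector still looks valid to the firmware, so only the comparison against the baseline catches it.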
Dive Insight:
Security researchers and national security experts say the escalating tensions over a Russian conflict with Ukraine could give rise to asymmetric cyberattacks that would engulf government and critical infrastructure targets inside Ukraine and targets in the U.S. and other Western countries.
"Threats to Ukraine can be a threat to a U.S. or global company," Adam Meyers, SVP of intelligence at Crowdstrike, said. "As we observed during NotPetya, there were numerous reports of companies with offices in Ukraine or contractors in Ukraine who became victims of NotPetya by virtue of physical and [logistical] connections between corporate infrastructure in Ukraine and the U.S."
Threat actors linked to Russia, eastern Ukraine and other allies will likely engage in a range of cyber espionage, information operations and disruptive attacks, according to research from Mandiant. Mandiant researchers say various APT actors have been linked to prior attacks involving Ukraine.
Sandworm Team, considered a top threat actor from Russia, has been linked to NotPetya and to attacks that caused power outages in Ukraine.
An actor that Mandiant researchers call TEMP.Isotope, also known as UNC806/UNC2486, Berserk Bear and Dragonfly, has been linked to compromises of critical infrastructure in Europe and the U.S.
Researchers at Palo Alto Networks say a vulnerability in OctoberCMS, CVE-2021-32648, was exploited by threat actors prior to the attacks against Ukrainian government websites. Palo Alto said organizations running OctoberCMS prior to build 472 and v1.1.5 need to upgrade to the most recent version.
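The upgrade thresholds above (build 472 and v1.1.5) are the kind of fact a defender turns into an asset-inventory check. The Python below is an added example for this page, not code from the article or from Palo Alto Networks: it normalizes the version strings an inventory might report and flags hosts still below those thresholds. The inventory lines are constructed, and the accepted spellings ("Build 471", "1.0.471" read as build 471, "v1.1.4") are an assumption of this example, not an official OctoberCMS format.

```python
import re

# Thresholds as stated in the advisory cited by the article: OctoberCMS installs
# below build 472 (the 1.0.x line) or below v1.1.5 need upgrading.
PATCHED_BUILD_1_0 = 472
PATCHED_VERSION_1_1 = (1, 1, 5)

# Constructed inventory for the example: "hostname,reported version" per line.
SAMPLE_INVENTORY = """\
web-01,Build 471
web-02,build 472
web-03,1.0.460
web-04,v1.1.4
web-05,1.1.5
web-06,1.1.9
"""


def parse_version(raw: str):
    """Normalize a reported version to ('build', n) or ('semver', (a, b, c)).

    Accepted spellings are an assumption of this example: 'Build 471', '471',
    '1.0.471' (treated as build 471) and 'v1.1.4' / '1.1.4'.
    """
    s = raw.strip().lower()
    m = re.fullmatch(r"(?:build\s*)?(\d+)", s)
    if m:
        return ("build", int(m.group(1)))
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", s)
    if m:
        major, minor, patch = (int(x) for x in m.groups())
        if (major, minor) == (1, 0):
            return ("build", patch)  # 1.0.x releases were numbered as builds
        return ("semver", (major, minor, patch))
    raise ValueError(f"unrecognized OctoberCMS version string: {raw!r}")


def needs_upgrade(raw: str) -> bool:
    """True when the reported version is below the patched threshold for its line."""
    kind, value = parse_version(raw)
    if kind == "build":
        return value < PATCHED_BUILD_1_0
    return value < PATCHED_VERSION_1_1


def hosts_needing_upgrade(inventory_csv: str) -> list:
    """Return the hostnames whose reported version is still below the threshold."""
    flagged = []
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, version = (part.strip() for part in line.split(",", 1))
        if needs_upgrade(version):
            flagged.append(host)
    return flagged


if __name__ == "__main__":
    for host in hosts_needing_upgrade(SAMPLE_INVENTORY):
        print(f"{host}: below patched OctoberCMS version, upgrade required")
```

The comparison is done on parsed tuples rather than on strings, so "1.1.9" correctly sorts above "1.1.5" and a later major/minor line is never flagged; an unrecognized string raises rather than silently passing, which is the safer failure for an inventory check.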