Ukrainian Government Plans Security Audit after Airport Cyber Attack
The Ukrainian government is launching a review of its critical infrastructure after a cyber-attack launched from a Russian server hit Kiev’s main airport last week.
"In connection with the case in Boryspil, the ministry intends to initiate a review of anti-virus databases in the companies which are under the responsibility of the ministry," Ukrainian infrastructure ministry spokeswoman Irina Kustovska told Reuters.
The attack itself was detected early enough in the network at Boryspil airport not to have caused any damage, military spokesman Andriy Lysenko told the newswire, despite reports to the contrary.
The Ukrainian CERT released an alert yesterday urging all system administrators to check log files and information flows for the presence or otherwise of BlackEnergy malware.
The destructive BlackEnergy malware is linked to several other attacks against key installations in the country.
Most notable was a 23 December attack on utilities companies in western Ukraine which cut power to around 80,000 homes for six hours, hitting multiple sub-stations.
BlackEnergy has been linked to a Russian-based APT group – the so-called ‘Sandworm Team’.
In 2014 it was pegged by the Department of Homeland Security’s ICS-CERT for a three-year campaign against industrial control systems in various countries, although attribution back to the Kremlin has always been problematic.
As well as power stations, the group were observed attacking Ukrainian media organizations over recent months.
BlackEnergy itself dates back to 2007, when it was a relatively basic DDoS trojan. However, it emerged a few years later with a modular architecture which has featured in banking fraud and other targeted attacks.
Its destructive capabilities enabled the team behind it to wipe a large number of video files and documents related to the November local elections in Ukraine, CERT-UA has claimed.
A specific variant dubbed “KillDisk” was apparently used in the attacks on Ukrainian power stations, featuring functionality designed specifically to sabotage industrial systems.
Source: Information Security Magazine