Ukrainian people and supporters protest over the Russian threat of invasion outside the Russian embassy in London. Photograph: Martin Godwin/The Guardian

Russia-backed hackers behind powerful new malware, UK and US say


Report comes as Ukraine faces cyber-attack and allies brace for state-sponsored hacks

A cyber report published by intelligence agencies in the UK and US on Wednesday has attributed insidious new malware to a notorious Russia-backed hacking group.

The findings come as Russia launches an invasion of Ukraine.

The joint research was published by the National Cyber Security Centre in the UK and US agencies including the National Security Agency. It warned that a Russian state-backed hacker group known as Sandworm had developed a new type of malware called Cyclops Blink, which targets firewall devices made by the manufacturer WatchGuard, appliances that are deployed to protect computer networks against hacks.

The sophisticated malware can withstand typical remedies, including reboots, the report said. The findings come as the UK and US, allies to Ukraine, are on high alert for Russian state-sponsored hacks. The agencies added that their statement was a “routine advisory” not directly linked to the situation in Ukraine.

However, the US cybersecurity firm Mandiant said the announcement was a reminder of the damage that could be inflicted by Sandworm, which has been blamed for the devastating NotPetya attack on Ukraine in 2017. John Hultquist, a vice-president at Mandiant Threat Intelligence, said Sandworm remained a “capable and clever” adversary.

“In light of the crisis in Ukraine we are very concerned about this actor, who has surpassed all others we track in terms of the aggressive cyber-attacks and information operations they have conducted,” he said. “No other Russian actor has been so brazen and successful in disrupting critical infrastructure in Ukraine and elsewhere.”

Ukraine has suffered a string of cyber-attacks that Kyiv has blamed on Russia. Moscow, which is caught up in a mounting confrontation with the west over Ukraine, has denied any involvement.

Wednesday saw a massive distributed denial of service (DDoS) attack that targeted websites of Ukraine’s government and banks.

“At about 4pm, another mass DDoS attack on our state began. We have relevant data from a number of banks,” said Mykhailo Fedorov, minister of digital transformation, adding that the parliament website was also hit.

Ukrainian authorities said this week they had seen online warnings that hackers were preparing to launch major attacks on government agencies, banks and the defence sector.

Wednesday’s attack was consistent with Russia’s tactics of distracting and disrupting adversaries while “providing a level of plausible deniability”, said Rick Holland, chief information security officer at the cybersecurity firm Digital Shadows.

“Russia didn’t just decide to invade Ukraine this week,” he said. “Military planners have prepared for this campaign years in advance. Disinformation, false flags, DDoS attacks, and destructive wiper malware are a part of Russian military doctrine; the battle plans have been drawn up and are now being executed.”

The White House said on Wednesday that it was in touch with Ukrainian authorities about their cybersecurity needs, in the wake of the fresh cyber-attack, which the US government has not yet attributed.

“We are in conversations with Ukraine regarding their cyber-related needs including as recently as today and we’re going to move with urgency to assess the nature and extent of this, what steps need to be taken, and therefore a response,” the White House press secretary, Jen Psaki, said.

Reuters contributed reporting
