On Friday January 14, 2022 there was a cyber attack on several websites of the Ukrainian government and embassy. Commentary on the incident by John Hultquist, VP of Intelligence Analysis, Mandiant.
“The sweeping defacement of several Ukrainian government websites is consistent with incidents we have observed in the past as tensions have risen in the region. The Ministry of Foreign Affairs was already defamed during the invasion of Georgia in 2008. The Georgian President was then compared to Hitler. As recently as 2019, GRU unit 74455 (“Sandworm”) carried out mass defacements in Georgia.
Patriotic hackers or government actors?
This incident could be the work of government actors as well as actors only supported by the government. However, it would also be possible for independent sections of civil society to be responsible. In the past, most defacements were performed by hackers at the lowest level, sometimes posting patriotic messages on the targeted websites. However, actors supported by the government have also carried out such activities.
The reference to the dispute between Poland and Ukraine in the inserted messages suggests that the actor wants to pretend to be a Polish nationalist. This claim is dubious. Fake nationalist hacktivists are regularly deployed by Russian actors to deny their aggressive activities. For example, the Russians used the name of the group Anonymous Poland for information campaigns against the Olympic organizers after Russian athletes were banned from the 2016 Games.
Multiple Targets – One Attacker?
Although an incident that hits multiple targets simultaneously looks like a complex, sophisticated operation, it could be the result of a single access to a content management system. It's important not to overestimate the skills required to perform such an attack.
As tensions rise, more aggressive cyber activity is expected in Ukraine and possibly elsewhere. These activities can range from website defacements and DDOS to malicious attacks targeting critical infrastructure. Businesses need to prepare now,” said John Hultquist, VP of Intelligence Analysis, Mandiant.
More at Mandiant.com
About Mandiant Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response. With decades of experience on the cyber frontline, Mandiant helps organizations confidently and proactively defend against cyber threats and respond to attacks. Mandiant is now part of Google Cloud.