Dubbed WhisperGate, the malware is a wiper that was used in cyberattacks against website domains owned by the country’s government. The spate of attacks led to the defacement of at least 70 websites and a further 10 subject to “unauthorized interference,” according to the Security Service of Ukraine, State Special Service and Cyber Police.

The wave of attacks was made public on January 14. Websites impacted included the Ukrainian Foreign Ministry, the Ministry of Education and Science, and various state services. The defacement and reported compromise of at least two government systems come at a time when there appears to be a growing threat of invasion by Russia into Ukraine, despite the country denying any such plans. The UK has recently pulled a number of UK embassy staff out of Kyiv in response.

Microsoft has published an analysis of WhisperGate, which was discovered on January 13. In a follow-up, Cisco Talos said it was likely that stolen credentials provided the access point for the deployment of the wiper.

3 Expert Comments
Saryu Nayyar, CEO
InfoSec Expert
January 25, 2022 12:15 pm

Stolen credentials being abused continues to be a major factor in many malware campaigns. However, identity infrastructure is insufficient to prevent seemingly legitimate users from doing damage. User access analytics with advanced machine learning models that understand how users are engaging in abnormal behaviors which we can then clearly attribute to a malware attack with high confidence. Only a next generation SIEM with these specific capabilities can help security teams with a critical vector of many major attack campaigns in order to accelerate an appropriate response.

Chris Olson, CEO
InfoSec Expert
January 25, 2022 12:14 pm

New reports on the ‘WhisperGate’ malware prove that global cyber actors are becoming more sophisticated, more dangerous and better at evading detection. As web-based attacks become increasingly intertwined with political motives, we expect a rise in similar incidents targeting government agencies, big corporations and critical infrastructure.

It’s crucial for decision makers to realize that the Web is a powerful threat vector: more powerful than email, and other traditional channels for cyberattacks. Going forward, continuous monitoring of digital assets is the only way to stay safe, collect evidence, and keep up with a constantly shifting cyber landscape.

Bryson Bort, Founder & CEO
InfoSec Expert
January 25, 2022 12:12 pm

WhisperGate reflects the gray area of destruction and disruption that nation state actors use as a lever in realpolitik: in this case, Russia is using these tactics because there is no reprisal they fear from Ukraine and her allies while making a clear threat of more. Expect more. And, the rest of us can only hope the collateral damage is contained.
