“Ukrinform” news agency reports that their website suffered a cyber attack and was temporarily down. The agency reported this on Facebook.

“Ukrinform” advised the subscribers to read all news on their social media.

Later, the agency reported that it was working as usual. The website says the attack was powerful, but provides no details.

Later, the State Service of Special Communications and Information Protection of Ukraine reported that Ukrinform may have been hacked by the Sandworm group, which has ties to the Russian GRU.

“The state Computer Emergency Response Team of Ukraine (CERT-UA), which operates under the State Special Communications Service, is investigating the cyber attack on the Ukrainian National News Agency ‘Ukrinform’, which occurred on January 17. The Russian Telegram channel ‘CyberArmyofRussia_Reborn’ has already boasted of the hackers’ ‘achievement’; however, in reality, the attackers failed to interrupt the agency’s work,” the State Intelligence Service notes.

CERT-UA employees promptly localized the threat.

According to the experts’ preliminary data, the hackers used Group Policy (GPO) to launch the CaddyWiper malware centrally, with the aim of violating the integrity and availability of information.

Taking into account the attack’s characteristic features, CERT-UA assumes that the cyber attack was carried out by UAC-0082 (Sandworm). This group is associated with the Chief Directorate of the General Staff of the Russian Armed Forces (GRU). This group is among those that attacked Ukraine most often in 2022.

The state Computer Emergency Response Team also notes that the aforementioned Telegram channel has been repeatedly used to highlight Sandworm’s malicious activity, along with typical reports about DDoS attacks and defacements.

The data-destroying CaddyWiper malware was first detected in Ukraine in mid-March 2022.

Sandworm hackers also used it in a large-scale cyber attack on Ukraine’s energy sector last April.