A cyber report published by intelligence agencies in the UK and US on Wednesday has attributed insidious new malware to a notorious Russia-backed hacking group.
The findings come amid concerns of potential Russian cyber-attacks against Ukraine as the threat of war in the region grows.
The joint research was published by the National Cyber Security Centre in the UK and US agencies including the National Security Agency. It warned that a Russian state-backed hacker group known as Sandworm had developed a new type of malware called Cyclops Blink, which targets firewall devices that the manufacturer WatchGuard makes to protect computers against hacks.
The sophisticated virus can withstand typical remedies including reboots, the report said. The findings come as the UK and US, allies to Ukraine, are on high alert for Russian state-sponsored hacks. The agencies added that their statement was a “routine advisory” not directly linked to the situation in Ukraine.
However, the US cybersecurity firm Mandiant said the announcement was a reminder of the damage that could be inflicted by Sandworm, which has been blamed for the devastating NotPetya attack on Ukraine in 2017. John Hultquist, a vice-president at Mandiant Threat Intelligence, said Sandworm remained a “capable and clever” adversary.
“In light of the crisis in Ukraine we are very concerned about this actor, who has surpassed all others we track in terms of the aggressive cyber-attacks and information operations they have conducted,” he said. “No other Russian actor has been so brazen and successful in disrupting critical infrastructure in Ukraine and elsewhere.”
Ukraine has suffered a string of cyber-attacks that Kyiv has blamed on Russia. Moscow, which is caught up in a mounting confrontation with the west over Ukraine, has denied any involvement.
Wednesday saw a massive distributed denial of service (DDoS) attack that targeted websites of Ukraine’s government and banks.
“At about 4pm, another mass DDoS…