Ukraine to review cyber defences after airport targeted from Russia

Malware found in an airport computer has prompted a review of how government computer systems are defended. We suspect that this attack came from Russian Federation.

The discovery, made over the weekend, follows the successful placement of malware on Ukraine’s power systems that ultimately led to a blackout.

He said that the attack was under investigation and that malware similar to this current one was discovered during an attack on Prykarpattiaoblenergo, a Ukrainian power supply company.

While there is no suggestion the Russian government is involved, the attacks have occurred during a period of bad relations between Ukraine and Russia.

The country’s state-run Computer Emergency Response Team (CERT-UA) said Kiev’s Boryspil airport was subjected to an assault last week that included an attack on the network’s air traffic control computers.

Irina Kustovska, a spokeswoman for the Ukrainian infrastructure ministry, said the ministry will review anti-virus databases in companies that are under its responsibility. In part because of the presence of a variant of BlackEnergy-a piece of malware that has been used for cybercriminal campaigns, as well as attacks on engineering systems-one research group attributed the attacks to Russian Federation, and specifically the so-called “Sandworm” hacking group. She said there are signs this is the case.

“Attention: system administrators present a short list of indicators [that] network systems and networks [have been] compromise[d] with BlackEnergy malware”, CERT-UA said in an advisory (according to Google translation of Ukrainian language original here).

Analyse the attack Experts in cyber security at the U.S. department of homeland security are working with Ukrainian colleagues to analyse the attack on the power grid.

The attacks in December were reportedly the first time that they had seen a power outage due to a malware attack.

“That is why we have grounds to believe that it was a cyber attack”.