Russian military involved in NotPetya attacks: UK

Russian military involved in NotPetya attacks: UK

The UK government has officially accused the Russian government of June's disruptive and hugely costly NotPetya malware attack.

"The UK Government judges that the Russian government, specifically the Russian military, was responsible for the destructive NotPetya cyber-attack of June 2017," Foreign Office minister for Cyber Security, Tariq Ahmad, said in a statement.

"The attack showed a continued disregard for Ukrainian sovereignty. Its reckless release disrupted organizations across Europe, costing hundreds of millions of pounds."

Initially, NotPetya was thought to be ransomware, but security researchers quickly concluded it was more likely to be destructive malware designed to wipe systems.

The UK's National Cyber Security Centre (NCSC) today revealed it came to the same conclusion, noting that the malware was only masquerading as ransomware and its main purpose was to disrupt.

The NCSC said the Russian military was "almost certainly responsible" for the NotPetya attack.

Shipping container firm Maersk, FedEx's Dutch delivery subsidiary TNT Express, and UK firm Reckitt Benckiser were among global firms that suffered severe disruptions and several hundred million dollars in lost revenue. However, the firms, however, were collateral damage in the ongoing conflict between Ukraine and Russia.

Below is the flow of Petya Attack Flow : 

Russian military involved in NotPetya attacks: UK

NotPetya employed the NSA exploits for Windows known as EternalBlue and EternalRomance as well as credential-dumping tools to spread internally across networks once one machine was infected. The exploits were leaked in April by The Shadow Brokers.

The malware initially infected organizations via a compromised update from Ukraine accounting software provider MEDoc. Its MEDoc software is one of two accounting packages required for companies doing business in Ukraine and is widely used by Ukraine agencies.

Maersk, which used MEDoc at its Ukraine offices, recently revealed it was forced to reinstall 45,000 PCs, 4,000 servers and 2,000 applications hit by NotPetya. The company reported losses of $300m due to the incident.

NCSC notes that Ukraine's financial, energy and government institutions bore the brunt of NotPetya. However, the "indiscriminate design" of the malware caused it to spread to other European and Russian businesses.

Though it is unusual to officially blame another nation for a cyber attack, the US and Five-Eye partners blamed the WannaCry ransomware attack on North Korea. The idea, in part at least, is to name and shame nation-state attackers for their actions.

Russia and North Korea have consistently denied responsibility for the NotPetya, WannaCry, and other cyber attacks.

The UK's Ahmad said the Kremlin has positioned Russia in direct opposition to the West.

"It doesn't have to be that way. We call upon Russia to be the responsible member of the international community it claims to be rather than secretly trying to undermine it," he said.

"The United Kingdom is identifying, pursuing and responding to malicious cyber activity regardless of where it originates, imposing costs on those who would seek to do us harm."