In Ukraine, attempts to disseminate harmful documents through the System of Electronic Interaction of Executive Bodies were recorded. This was announced by the National Coordination Center for Cybersecurity under the National Security and Defense Council (NSDC).
The message says that the attack was carried out in order to massively infect the information resources of government agencies, because it is with the help of this system that document circulation is carried out in most government bodies.
"The harmful documents contained a macro that, when the files were opened, secretly downloaded a program to control the computer remotely. Methods and means of implementing this cyberattack make it possible to associate it with one of the hacker spy groups from the Russian Federation," the department said.
The department also added that the attack refers to a supply chain attack that targets the supply chain. Under it, attackers want to gain access to the target organization, but not directl. They gain it through vulnerabilities in the tools and services it uses.
The Coordination Center also added that one of the largest similar operations can be called NotPetya in 2017 that aimed to damage the Ukrainian infrastructure and Solorigate (Russia's operation), which is now being investigated in the United States.
"In these cases, the harmful program code was distributed through widespread software (MEDOC in Ukraine and Solarwinds products in the USA) that was compromised by the attackers," the Ministry concluded.
Context. In September last year, the sites of the National Police of Lviv, Rivne, Vinnytsia, and Kherson, as well as the website of the city council of Varash (Rivne region) were hacked. In particular, the attackers spread fake news that some Ukrainian media began to broadcast.