Russia was behind global cyber attack, Ukraine says

For free real time breaking news alerts sent straight to your inbox sign up to our breaking news emails

Sign up to our free breaking news emails

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

Ukraine has accused Russian security services of being behind a major cyber attack that crippled operations around the world earlier this week.

The Eastern European country said its security service, the SBU, has determined that the attack, which appeared to begin in Ukraine before spreading across the globe on Tuesday, was orchestrated by the same hackers who attacked the Ukrainian power grid in December 2016.

“The available data, including those obtained in cooperation with international antivirus companies, give us reason to believe that the same hacking groups are involved in the attacks, which in December 2016 attacked the financial system, transport and energy facilities of Ukraine using TeleBots and BlackEnergy,” the SBU said in a statement.

“This testifies to the involvement of the special services of Russian Federation in this attack.”

The SBU had also said on Friday that it had seized equipment it claimed belonged to Russian agents in May and June to launch cyber attacks against Ukraine, as well as other countries.

Ukrainian politicians were also quick to lay blame for Tuesday’s attack on Russia, but a Kremlin spokesman dismissed the allegations as “unfounded blanket accusations”.

Cyber security firms are working to figure out who was behind the virus, dubbed NotPetya, which shut down computers, affected banks and brought operations at a Cadbury chocolate factory in Australia to a standstill.

The attack also affected major Russian firms, leading some cyber security researchers to believe it unlikely that Moscow could be behind the attack.

Experts have said that the software appeared to be part of a plan to crash as many systems, companies and countries as possible.

While the software appeared to operate as ransomware, demanding that users pay $300 (£227) to get their files back, making a payment wasn’t actually possible, suggesting that the ransom demands may have been a way of masking the true motives of those behind the malware.

The SBU also said in a statement on Saturday that the ransom demand was a cover, asserting that the attack was instead aimed at disrupting the operations of state and private companies in Ukraine and causing political instability.

“The main purpose of the virus was the destruction of important data, disrupting the work of public and private institutions in Ukraine and spreading panic among the people,” the SBU said.

“It is clear that this was targeted indiscriminately at Ukrainian businesses, and the Ukrainian government,” Jake Williams, president of the security firm Rendition Infosec and a former member of the US National Security Agency’s elite cyberwarfare group told Associated Press earlier this week.

He agreed that “the ‘ransomware’ component is just a smokescreen (and a bad one)”.

Relations between Ukraine and Russia have been in turmoil following Moscow’s annexation of Crimea in 2014 and the Kremlin-backed separatist insurgency in eastern Ukraine that has left more than 10,000 people dead.

A cyber attack on a Ukrainian state energy computer in December caused a power failure affecting the northern part of Kiev.

Ukraine has repeatedly accused Russia of being behind cyber attacks, including the hacking of Ukraine’s voting system ahead of the country’s 2014 national election, as well as an attack that forced its power grid offline in 2015.

The Russian foreign ministry and Federal Security Service have yet to respond to the new allegations.

Additional reporting by Reuters