KIEV (Reuters) – Hackers from Russia are infecting Ukrainian companies with malicious software to create "backdoors" for a large, coordinated attack, Ukraine's chief of police told Reuters on Tuesday.
The hackers are targeting companies, including banks and energy infrastructure companies, in a way that suggests they are preparing to activate the malware in a massive attack, said Serhiy Demedyuk, head of cyber police. Ukrainian police are working with foreign authorities to identify the hackers, Demedyuk added.
Law enforcement agencies and security teams around the world are turning their attention to cyber threats in Ukraine, where some of the most destructive hacks in history have originated. A virus called "NotPetya" struck Ukraine in June 2017, disrupting government agencies and companies before spreading to corporate networks around the world, causing billions of dollars in losses for companies.
"The fact that the Ukrainian government has decided to go public shows that they are afraid that this can have a big impact and make people aware of it," said Jaime Blasco, chief scientist at cybersecurity firm AlienVault.
It is difficult to contain the effects of a cyberattack within one nation, so this new threat could spread around the globe, he added.
Since the beginning of the year, Ukrainian police have identified viruses in phishing e-mails sent from the legitimate domains of government institutions whose systems have been hacked, and fake websites that mimic those of a real state body.
The hackers have tried to evade detection by splitting the malware into separate files that are planted on target networks before being activated, Demedyuk said.
"The analysis of the malicious software already identified and the attacks on Ukraine indicate that all this is done for a given day," he said.
Relations between Ukraine and Russia collapsed after the Russian annexation of Crimea in 2014, and Kiev has accused Russia of organizing large-scale cyber attacks as part of a "hybrid war" against Ukraine, which Moscow repeatedly denies.
Some attacks have coincided with major Ukrainian holidays. Demedyuk said another strike could be launched on Thursday, Constitution Day, or on Independence Day in August.
The United States and Britain joined Ukraine in blaming Russia for the 2017 NotPetya campaign. The campaign took a heavy toll on the quarterly results of major global corporations such as Cadbury chocolate maker Mondelez International and cargo logistics company FedEx.
Representatives of the U.S. FBI could not be reached for comment on Tuesday afternoon.
The scale of the current campaign is the same as NotPetya's, according to Demedyuk.
"This is government support – very expensive and very synchronized – it would not be possible without the help of government agencies – we are now talking about the Russian Federation," he said.
"Everything we see, everything that we caught at this time: 99 percent of the tracks come from Russia."
The Kremlin has not responded to a request for comment.
Ukraine is better prepared to withstand such attacks thanks to cooperation with foreign allies including the United States, Britain and NATO, Demedyuk said.
However, there are some Ukrainian companies that did not clean their computers after NotPetya struck, which means that they are still infected by this virus and are vulnerable to another attack.
"We raise the alarm to remind people – come to your senses, check your equipment," he said.
Reporting by Pavel Polityuk; Additional reporting by Angela Moon in New York and Margarita Popova in Moscow; Writing by Matthias Williams; Editing by Philippa Fletcher, Jim Finkle and Lisa Shumaker