Cyberpolice, State Special Communications and SBU together with international experts establish sources of origin of cyber attacks on state websites
95% of the sites affected by the cyber attack on state information resources on Friday night have already resumed their work. The recovery of the remaining resources continues.
At the same time, it is already possible to argue that the attack is more complex than modifying the start page of websites. A number of external information resources were destroyed by the attackers in manual mode. The short timing of the attack indicates the coordination of the actions of hackers and their multiplicity.
A version of the combination of three attack vectors is currently being worked on: supply chain attack, exploitation of OctoberCMS vulnerabilities and Log4j. Also, starting Friday, DDoS attacks on a number of affected state authorities are being recorded. The working group engaged international experts to reliably establish the source of the attack.
Also, as part of cooperation with Microsoft, the version is being checked for the use of the wiper program, which destroys data.
Cyber Police Department of the National Police of Ukraine
