Officials in Ukraine are set to reconsider the state's cyber security and defense systems, including those at airports and railway stations, after a recent malware attack on Kiev's main airport Boryspil that targeted its air traffic control system. The Ukrainian defense ministry believes the attack was launched from a server within Russia.
Malware akin to that which was used to attack Ukrainian power companies in December 2015 was detected last week on a computer in the IT network of Boryspil airport, a key transport hub connecting Ukraine to the rest of the world.
Irina Kustovska, a spokeswoman for Ukraine's infrastructure ministry, which oversees airports, railways, and other transport networks, said the ministry intends to initiate a review of anti-virus databases at Boryspil airport and in other companies it is responsible for.
At a press briefing on January 16, Ministry of Defense spokesman Andriy Lysenko announced that state cybersecurity experts discovered an airport workstation infected with the BlackEnergy malware, linked to other recent cyber attacks on Ukraine. Experts isolated the infected computer from the airport's IT network.
“The control center of the server, where the attacks originate, is in Russia,” Lysenko told Reuters news agency, adding that the malware in Boryspil's system had been detected early on and that no damage had been done. At this stage, Ukrainian authorities have made no mention of the Russian government in their statements on the matter.
Ukraine's state security service has previously blamed Russia for the blackout in Ukraine's western Ivano-Frankivsk region on December 23 that affected about 80,000 citizens. At the time, a local power company, Prykarpattyaoblenergo, reported that part of its service area, including the regional capital Ivano-Frankivsk, was left without power for over six hours due to “interference” in its industrial control systems. The cybersecurity research team iSIGHT Partners linked the attack to the Russian hacker collective known as the Sandworm Team, based on its analysis of the BlackEnergy software reportedly used in the attack.
On January 18, Ukraine's state Computer Emergency Response Team (CERT-UA) issued a warning about the threat of more attacks connected to BlackEnergy, calling on system administrators to keep an eye out for suspicious indicators in log files and Internet traffic.
“The control center of the server, where the attacks originate, is in Russia”
Hmm. This appears to be a sophisticated attack. And so, if the return address points to Russia, wouldn’t it be reasonable to assume that “the control center of the server” (whatever the hell that is) is obviously NOT in Russia?
I think I got your point: somebody wants to make us believe that the attack came from Rus.Fed. However, there’s another level of sophistication: Russians produced this attack in such a way that the attack appears as coming from somebody else who wants the attack to appear as coming from Rus.Fed.
Anything is possible. Nevertheless, this piece implies that the alleged location of “the control center of the server” is the proof of Russian (the RF government’s, in fact) involvement – without considering the obvious possibility of spoofing, or perhaps third parties using servers on the Russian territory. Sophistication is not a characteristic of the western so-called ‘journalism’ these days, especially when Russia is blamed for something…