Ukraine cyber security firm warns of possible new attacks

Kiev (Reuters): Ukrainian cyber security firm ISSP said on Tuesday it may have detected a new computer virus distribution campaign, after security services said Ukraine could face cyberattacks similar to those which knocked out global systems in June.

The 27 June attack, dubbed NotPetya, took down many Ukrainian government agencies and businesses, before spreading rapidly through corporate networks of multinationals with operations or suppliers in eastern Europe.

ISPP said that, as with NotPetya, the new malware seemed to originate in accounting software and could be intended to take down networks when Ukraine celebrates its Independence Day on 24 August.

“This could be an indicator of a massive cyberattack preparation before National Holidays in Ukraine,” it said in a statement.

In a statement, the state cyber police said they also had detected new malicious software.

The incident is “in no way connected with global cyberattacks like those that took place on June 27 of this year and is now fully under control,” it said.

The state cyber police and the Security and Defence Council have said Ukraine could be targeted with a NotPetya-style attack aimed at destabilising the country as it marks its 1991 independence from the Soviet Union.

Last Friday, the central bank said it had warned state-owned and private lenders of the appearance of new malware, spread by opening email attachments of word documents.

Ukraine – regarded by some, despite Kremlin denials, as a guinea pig for Russian state-sponsored hacks – is fighting an uphill battle in turning pockets of protection into a national strategy to keep state institutions and systemic companies safe.