Andy Greenberg, a Senior Writer for Wired and author of "Sandworm," dives into the NotPetya cyber attack that devastated Ukraine in 2017. He details how the attack spread through software updates, crippling vital infrastructure like Oschadbank. Unraveling its deceptive ransomware facade, Greenberg discusses its catastrophic impact on multinational companies, including Maersk and FedEx. He examines the geopolitical implications and the involvement of Russian hacker groups, shedding light on the dark reality of modern cyber warfare.
NotPetya was a devastating cyber attack that took place in Ukraine in 2017 as part of a larger cyber war between Russia and Ukraine, highlighting the vulnerability of interconnected systems in a globalized world.
NotPetya was a sophisticated combination of a worm and ransomware, spreading rapidly through networks and encrypting entire systems, causing widespread disruption and financial losses estimated at $10 billion.
The Russian military intelligence agency, GRU, was behind the NotPetya attack, which was seen as part of Russia's ongoing cyber war against Ukraine, in conjunction with physical aggression and previous cyber campaigns.
Deep dives
The Genesis of NotPetya
NotPetya was a devastating cyber attack that took place in Ukraine in 2017. It was part of a larger cyber war between Russia and Ukraine, characterized by escalating attacks on critical infrastructure. The attack targeted various sectors, including banking, government agencies, power companies, hospitals, and transportation. NotPetya was a sophisticated combination of a worm and ransomware, spreading rapidly through networks and encrypting entire systems. It caused widespread disruption and financial losses estimated at $10 billion.
The Tools Behind NotPetya
The attackers used two powerful tools, Mimikatz and EternalBlue, to launch and propagate NotPetya. Mimikatz is a program that takes advantage of a weakness in how Windows handled logons: the operating system kept usernames and passwords in clear text in the computer's memory, and Mimikatz reads them out, letting an attacker authenticate to other computers with those stolen credentials. EternalBlue exploits a vulnerability in Windows's implementation of the Server Message Block (SMB) file-sharing protocol (SMB version 1, patched by Microsoft in MS17-010), allowing remote code execution on unpatched machines. Combined with a modified version of the Petya ransomware, these tools produced a worm that spread rapidly through networks, reaching even fully patched machines by way of stolen credentials, and encrypted entire systems, rendering them useless.
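An added audit script, not from the episode or from Greenberg's book, that checks a Windows host for the two conditions those tools relied on: the SMBv1 protocol that EternalBlue targets, and WDigest leaving plaintext credentials in LSASS memory for Mimikatz to read. The function name and its -Fix switch are this example's own choices; the cmdlets and registry value are the standard Windows ones.

```powershell
# Added example (not the episode's or the book's code). Audits a Windows 8/Server 2012
# or later host for the two weaknesses NotPetya's propagation depended on:
#   1. SMBv1 enabled on the server side  -> EternalBlue attack surface (fixed by MS17-010)
#   2. WDigest caching plaintext logon credentials in LSASS -> what Mimikatz reads
# Run in an elevated PowerShell session. -Fix is this script's own option, not an
# official tool: it disables SMBv1 and turns WDigest credential caching off.
function Test-NotPetyaExposure {
    [CmdletBinding()]
    param([switch]$Fix)

    $findings = @()

    # --- Check 1: SMBv1 server protocol -----------------------------------
    $smb = Get-SmbServerConfiguration
    if ($smb.EnableSMB1Protocol) {
        $findings += 'SMBv1 server protocol is ENABLED (EternalBlue attack surface)'
        if ($Fix) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
            # Remove the optional feature too, so the driver is not loaded at all.
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        }
    }

    # --- Check 2: WDigest plaintext credential caching ----------------------
    # Windows 8.1 / Server 2012 R2 (NT 6.3) and later default this to off when the
    # value is absent. Older systems need KB2871997 and an explicit value of 0,
    # so an absent value on an older OS means caching is still on.
    $wdigestKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    $useLogonCred = (Get-ItemProperty -Path $wdigestKey -ErrorAction SilentlyContinue).UseLogonCredential
    $osVersion = [version](Get-CimInstance Win32_OperatingSystem).Version
    $modernOs = ($osVersion.Major -gt 6) -or ($osVersion.Major -eq 6 -and $osVersion.Minor -ge 3)
    $cachingOn = ($useLogonCred -eq 1) -or (($null -eq $useLogonCred) -and (-not $modernOs))
    if ($cachingOn) {
        $findings += 'WDigest UseLogonCredential leaves plaintext passwords in LSASS (Mimikatz target)'
        if ($Fix) {
            New-ItemProperty -Path $wdigestKey -Name UseLogonCredential -PropertyType DWord -Value 0 -Force | Out-Null
        }
    }

    # Return a structured result so it can be collected across many hosts.
    [PSCustomObject]@{
        ComputerName   = $env:COMPUTERNAME
        OSVersion      = $osVersion.ToString()
        SMB1Enabled    = [bool]$smb.EnableSMB1Protocol
        WDigestCaching = [bool]$cachingOn
        Findings       = $findings
        Fixed          = [bool]$Fix
    }
}

# Usage: audit only, then remediate and re-audit.
Test-NotPetyaExposure
Test-NotPetyaExposure -Fix
```

Disabling SMBv1 can break very old clients and printers that only speak SMBv1, so run the audit across the estate first and fix in batches; the WDigest change takes effect for new logons, so sessions already holding cached credentials should be logged off or the host rebooted.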
Ukraine as the Primary Target
The primary target of NotPetya was Ukraine, where the attack originated. The attackers specifically targeted a small software company called M.E.Doc, which provided accounting software widely used in Ukraine. By compromising the software's update mechanism, the attackers were able to distribute NotPetya to thousands of computers across Ukraine. The attack quickly spread beyond Ukraine, affecting multinational companies that had connections to Ukrainian networks. This widespread impact highlighted the vulnerability of interconnected systems in a globalized world.
The Attribution to Russia
Although initially there was no public attribution, it became increasingly clear that the Russian military intelligence agency, the GRU, was behind NotPetya. In February 2018 the US and UK governments, joined by other Five Eyes nations, formally blamed the Russian military for orchestrating the attack. Security researchers and investigations provided evidence linking NotPetya to a group called Sandworm, believed to be a unit of the GRU. The attack was seen as part of Russia's ongoing cyber war against Ukraine, in conjunction with physical aggression and previous cyber campaigns.
The Impact and Aftermath
NotPetya had a significant impact, causing financial losses estimated at $10 billion. The attack paralyzed critical infrastructure, including government agencies, banks, hospitals, and transportation networks. Multinational companies also suffered from the attack. Recovery efforts involved rebuilding networks, restoring systems from backups, and implementing improved security measures. It was a complex and costly process, highlighting the immense challenges and consequences of sophisticated cyber warfare.
The story of NotPetya seems to be the first time we see what a cyber war looks like. In the summer of 2017, Ukraine suffered a serious and catastrophic cyber attack on their whole country. Hear how it went down, what got hit, and who was responsible.
Guest
Thanks to Andy Greenberg for his research and sharing this story. I urge you to get his book Sandworm because it’s a great story.
Sponsors
This episode was sponsored by Linode. Linode supplies you with virtual servers. Visit linode.com/darknet and when signing up with a new account use code darknet2019 to get a $20 credit on your next project.
Support for this episode comes from Honeybook. HoneyBook is an online business management tool that organizes your client communications, bookings, contracts, and invoices – all in one place. Visit honeybook.com/darknet to get 50% off your subscription.
This episode was sponsored by CMD. Securing Linux systems is hard, let CMD help you with that. Visit cmd.com/dark to get a free demo.