SBU claims Russia was behind NotPetya

So does ESET, which reckons the malware spread better than its authors expected


Ukraine's security service (SBU), which last week called on international help to trace the “NotPetya” outbreak, has upped the ante, accusing Russia of being the source of the malware.

On Saturday, the SBU went public with the claim, saying the outbreak came from the same sources that launched last December's attack on the country's electricity infrastructure.

The SBU says it has “reason to believe that the same hacking groups are involved in the attacks, which in December 2016 attacked the financial system, transport and energy facilities of Ukraine using TeleBots and BlackEnergy.”

“This testifies to the involvement of the special services of Russian Federation in this attack.”

The SBU reckons NotPetya's failed attempt at extorting Bitcoin was never a serious ransom demand, but rather a cover for malware whose purpose was mayhem.

Reuters reports the SBU as saying: "The main purpose of the virus was the destruction of important data, disrupting the work of public and private institutions in Ukraine and spreading panic among the people."

The SBU statement is here.

Slovakian security outfit ESET agrees, at least in part. On Friday, it issued this analysis also linking NotPetya to the TeleBots and BlackEnergy groups.

Author Anton Cherepanov notes that enterprises in Ukraine have been subject to a continuing, if under-reported, long-term campaign of attacks, of which NotPetya is just the most recent.

The company speculates that the malware spread better than its authors expected: rather than staying in Ukraine, it hopped onto the VPNs that companies with a presence in the country used to connect to their other international operations.

“The latest outbreak was directed against businesses in Ukraine, but they apparently underestimated the malware's spreading capabilities. That's why the malware went out of control”, the post claims. ®


Biting the hand that feeds IT © 1998–2022