CIA: Russian intelligence agency GRU was behind the NotPetya attack
According to the Washington Post, the CIA is very confident that GRU, the general intelligence chief of the Russian Armed Forces General Staff, is behind the scenes of NotPetya ransomware. Although most of the equipment hit by NotPetya attacks is located in Ukraine, the malware also spread to other countries, including Denmark, India and the United States.
The Washington Post said the news was learned from U.S. intelligence officials, but the CIA declined to comment. The report pointed out that “Ukraine has always been an important target of the GRU cyber attack, as evidenced by Russia’s annexation of Crimea.” At the time, hackers chose to launch the NotPetya cyber attack on Ukraine’s constitutional day.
The Washington Post reported that the attacks reflected the fact that Russia made cyber-space offensive a part of the “mixed-war” strategy. Russia’s combination of cyberattacking with traditional military means that Russia has achieved its goal of regional control through cyber attacks. British Government Communications Headquarters (GCHQ), former head of Robert · Hannigan said that this is a bolder, more aggressive mode of action.
Russian GRU uses “puddles” to attack sites that may be targeted for infection. In the NotPetya attack, hackers targeted Ukrainian websites that offer tax and accounting software updates.
Jack Williams, a founder of Rendition Infosec, a cyber-security company, said it was also a strategy by the Russian government to attack the industrial control system network. The goal of Russian hackers to launch NotPetya attacks is to undermine the Ukrainian financial system. At the time, attackers used data that appeared to be blackmail software to encrypt the victim’s data and asked for the ransom to create the illusion of a criminal hacker or hacker’s organization in order to confuse the audiovisual.
CIA said the hackers worked for GTsST, a technical center for GRU in Russia. The unit is heavily involved in GRU’s cyber attack programs, including influential actions.
Source: washingtonpost
