Ukraine has accused Russian security services of being involved in a major cyber attack Petya that locked up computers in more than 60 countries, disrupting businesses from Mumbai to Los Angeles and halting production at a Cadbury factory in Australia. Ukranian institutions were also hit by the cyber attacks, in Kiev, on June 27.
Ukrainian security agency, SBU said on Saturday that the attackers appeared uninterested in making profit from the ransomware program rather aimed at destroying important data and spreading panic.
According to analysts term of “TTPs” — the tactics, techniques and procedures of Petya’s operators, point to Kremlin’s playbook. Cyber investigators found it similar to previous attack on Ukranian power grid in December 2016 and both had shown the participation of Russian intelligence services.
"The available data, including those obtained in cooperation with international antivirus companies, give us reason to believe that the same hacking groups are involved in the attacks, which in December 2016 attacked the financial system, transport and energy facilities of Ukraine using TeleBots and BlackEnergy," the SBU said.
Cyber security analysts and Western intelligence officials believe that Petya cyber attack that crippled dozens of businesses worldwide, conked out computers, hit banks; disrupted shipping was the work of hostile government, not a criminal group.
The apparently indiscriminate impact of the attack that hit range of organizations from the Danish shipping giant Maersk to the US pharmaceuticals group Merck — has set alarm bells ringing for security agencies in Europe and the US.
The attack also hit major Russian firms, leading some cyber security researchers to suggest that Moscow was not behind it.
There was no immediate official response from the Russian Government, but Russian politician Igor Morozov told reporters that the Ukrainian charges were "fiction" and that the attacks were likely the work of the United States.
It signals a new and dangerous escalation of the global cyber arms race. It highlights the extent to which hostile states are prepared to push boundaries, regardless of collateral damage, thanks to their increasing ability to obfuscate and divert attention using old-fashioned spy tradecraft, technical sophistication and the criminal and hacking communities of the dark web for cover.