Hackers tried to access confidential data in phishing attacks launched in parallel with a ransomware strike called BadRabbit last week, Reuters reports, citing the head of the Ukrainian state cyber police.
The BadRabbit attack mainly affected Russia but also hit the headlines in Ukraine – a frequent victim of cyber strikes – by causing flight delays at Odessa airport on the south coast and disrupting electronic payments in the Kiev metro, the news agency said.
“During these attacks, we repeatedly detected more powerful, quiet attacks that were aimed at obtaining financial and confidential information,” cyber police chief Serhiy Demedyuk told the Reuters Cyber Security Summit in Kiev.
The discovery suggests Ukraine may have been a key target of last week’s attacks, despite the higher incidence of BadRabbit victims in Russia.
Demedyuk said it was a kind of “hybrid attack” that is becoming increasingly common. “There is an open, let’s say instantly obvious attack, while underneath there is a hidden, fairly well-thought-out attack, to which nobody pays attention.”
“The main theory we’re working on now is that [the perpetrators of both attacks] were one and the same,” he said. “The goal was to get remote and undetected access.”
The parallel attack targeted users of Russian-designed software called 1C with phishing emails that appeared to be from the developer, Demedyuk said.
1C’s developer did not immediately respond to a request for comment from Reuters.
A distributor of 1C in Ukraine, who asked not to be named, confirmed that customers had been targeted and said it had warned users to take extra precautions as a result.
– Contact us at [email protected]