The NCCC at the NSDC of Ukraine informs about the high level of cyber threat in Ukraine due to a large-scale cyberattack in the United States
Almost all US government agencies were affected by the attack. The compromise occurred through the update server of the SolarWinds Orion Platform management product (versions 2019.4 through 2020.2.1 HF1). The attack is linked to the activities of the hacker group APT29, also known as Cozy Bear, which has been accused of links to the Russian foreign intelligence service.
According to the information currently available to the NCCC, the attack is very similar to the Ransom:Win32/Petya attack that occurred in Ukraine in 2017.
Given that SolarWinds products are not widely used by government agencies in Ukraine, the risk of damage to Ukrainian government systems is not critical. However, the high activity of hacker groups associated with the Russian secret services threatens those business entities that use this product and therefore poses a threat to Ukraine, which is in a state of hybrid war with the Russian Federation.
Business entities that use this product are encouraged to check their networks for compromise. Information on how to detect a threat in SolarWinds Orion products can be downloaded HERE.
It bears reminding that on December 12, the NCCC warned of an increased level of cyber threats in Ukraine due to a cyberattack against FireEye.