SBU claims Russia was behind NotPetya

Ukraine's security service (SBU), which last week called on international help to trace the “NotPetya” outbreak, has upped the ante, accusing Russia of being the source of the malware.

On Saturday, the SBU went public with the claim, saying the outbreak came from the same sources that launched last December's attack on the country's electricity infrastructure.

The SBU says it has “reason to believe that the same hacking groups are involved in the attacks. Which in December 2016 attacked the financial system, transport and energy facilities of Ukraine using TeleBots and BlackEnergy.”

“This testifies to the involvement of the special services of Russian Federation in this attack.”

The SBU reckons NotPetya's failed attempt at extorting Bitcoin was never a serious ransom demand, but rather a cover for malware whose purpose was mayhem.

Reuters reports the SBU as saying: "The main purpose of the virus was the destruction of important data, disrupting the work of public and private institutions in Ukraine and spreading panic among the people."

The SBU statement is here.

Slovakian security outfit ESET agrees, at least in part. On Friday, it issued this analysis also linking NotPetya to the TeleBots and BlackEnergy groups.

Author Anton Cherepanov notes that enterprises in the Ukraine have been subject to continuing, if under-reported, long-term attack of which NotPetya is just the most recent.

The company speculates that the malware spread better than its authors expected: rather than staying in the Ukraine, it hopped on VPNs companies with a presence in the country used to connect to other international operations.

“The latest outbreak was directed against businesses in Ukraine, but they apparently underestimated the malware’ spreading capabilities. That’s why the malware went out of control”, the post claims. ®