An article by Business Insider claims that the cyber virus outbreak all leads to Russian state sponsored.
From the article:
“The first thing that raises a red flag to me is that, right now, Ukraine’s main antagonist is Russia,” said Alex McGeorge, the head of threat intelligence at Immunity Inc., a cybersecurity firm that specializes in nation-state cyberthreats.”
…
“Greg Martin, the CEO of the cybersecurity firm JASK, said he thought that because of its political climate and the geopolitical factors at play, “Ukraine was targeted by bad actors who have been using it as a cyberweapon testing ground over the past couple of years.”
An IT security specialist we spoke with had several issues with these speculative findings (wished to remain unnamed).
“I am still not sold on the Russian angle. The attack was based on the exact same modis operandi as WannaCry. The vector (how they “hack in”) was based on an NSA exploit that was found publicly on the internet. So in theory it was a simple copy/paste job with just a new email address and bitcoin address.
Also, if this was state sponsored, it would have taken a few lines of code to have it completely bypass any Russian held companies. Why did the worm target Russian held interests in Rosneft and Evraz? The whole idea that there is a gentlemen’s agreement between the FSB/hacking community seems very far fetched. There is no way you would risk shutting down operations within two major Russian companies, when it could easily be avoided. If it was state-sponsored, you could easily have added other random companies to the ‘non-target’ code to throw any computer security investigators checking into the code.
It was the largest attack in the Ukraine to date, but it still doesn’t mean that Russia is responsible. Also the IP’s that the mainstream media keep bringing up are laughable. If you are smart enough to launch a new global ransomware campaign, you are going to be smart enough to launch your attacks through one of the hundreds of IP proxy/compromised machines/anonymous services that are scattered across the globe.
”
A review of the computer security industry has led to the same skepticism similar to our interviewed IT security specialist.
Details of the attack can be found at Business Insider [Full Article]
