KIEV (Reuters) - Hackers behind the NotPetya virus that hit Ukraine and spread around the world in June probably also designed malware called BadRabbit used in a more recent strike, a Ukrainian presidency official said on Tuesday.
The BadRabbit attack last week mainly affected Russia but also caused flight delays at Odessa airport in southern Ukraine and disrupted electronic payments in the Kiev metro.
“What we start observing is that there is a strong belief that the NotPetya and BadRabbit (is) being written by the same group, due to the type of the code and approaches,” Dmytro Shymkiv told the Reuters Cyber Security Summit in Kiev.
“BadRabbit and (Not)Petya, WannaCry, this is all from the same family, to test, to disrupt, to analyse how the cyber security community would react,” he added.
A former director at Microsoft in Ukraine, Shymkiv said more could have been done to mitigate BadRabbit if organisations had followed recommendations on how to deal with malware, including basics such as not clicking on suspicious messages.
Shymkiv’s assessment chimed with that of Russia-based cyber firm Group-IB, who said that BadRabbit shared an important piece of code with NotPetya.
However, experts caution that attributing cyber attacks is notoriously difficult, as hackers regularly use techniques to cover their tracks and sometimes deliberately mislead investigators about their identity.
Ukrainian officials have said the NotPetya attack directly targeted Ukraine and was carried about by a hacking group widely known as Black Energy, which some cyber experts say works in favour of Russian government interests. Moscow has repeatedly denied carrying out cyber attacks against Ukraine.
Shymkiv said it was difficult to definitively identify who was behind the BadRabbit attack, speculating, for example, that the creators of NotPetya could have sold the BadRabbit virus to another group of hackers.
Ukraine has been a frequent victim of cyber attacks that have conked out power to thousands of homes, frozen supermarket tills and paralysed government computers. Shymkiv and others see Ukraine as a testing ground for Russian attacks.
He said he was sure more attacks are on the way and, when asked what new threats had emerged recently, cited an incident in the summer when ships in the Black Sea had their Global Positioning System (GPS) hacked.
“It’s been a concern (within) the government, it’s been a concern among the cyber community,” he said.
Shymkiv said recent cyber attacks had forced Ukraine to become more savvy in dealing with threats and it had also increased coordination particularly with the United States.
For example, U.S. government officials this year have been training Ukrainian energy ministry officials on how to combat hacking, Shymkiv said. Coordination is “ramping up. There is a lot of appetite to learn from each other,” he said.
For more Reuters cyber news, go to www.reuters.com/cyberrisk
Follow Reuters Summits on Twitter @Reuters_Summits
Editing by Mark Heinrich