Massive supply chain cyberattack on the horizon in Ukraine, according to police

The attack may come through another booby-trapped software update, according to a cryptic press release published Thursday by the Secret Service of Ukraine.

Ukrainian government authorities are warning of a “large-scale” cyberattack against local government agencies and private companies through the deployment of another booby-trapped software update, according to a cryptic press release published Thursday by the Secret Service of Ukraine (SBU).

“SBU notifies about preparing of a new wave of large-scale attack against the state institutions and private companies,” the release notes. “The SBU experts received data that the attack can be conducted with the use of software updating, including public applied software. The mechanism of its realization will be similar to cyber-attack of June 2017.”

The use of the word “realization” in the SBU’s statement has led some security researchers to believe the government is likely preparing, once again, for a destructive-style attack.

The SBU did not respond to a request for comment.


The ambiguous warning comes four months after a Russian hacking group, dubbed “Telebots” or “Sandworm Group” by security researchers, broke into a popular Ukrainian accounting software maker to infect the company’s update servers with destructive ransomware. For several weeks afterwards, whenever a user attempted to upgrade their software they would also download hidden, malicious computer code.

On June 27, millions of hidden logic bombs exploded, causing a rapid outbreak of “NotPetya” ransomware.

Products made by this Ukrainian accounting software firm, known as M.E.Doc, continue to be used by the country’s public and private sector. In the June 27 incident, multinational corporations with business ties to Ukraine, who had similarly installed the software, were caught up in the blast and lost millions of dollars due to disrupted business operations. Those corporations included American organizations.

The M.E.Doc incident is far from the only case of a group targeting a supply chain weakness to penetrate valuable organizations. For example, hackers were similarly able to corrupt the update mechanism behind a popular file cleaning tool named CCleaner to dispense custom backdoor implants into targeted technology firms.

The attackers in this case, according to some security researchers, may have been hackers connected to the Chinese government.

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Mary's College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.
