The Security Service of Ukraine believes a group of hackers called Fancy Bear, allegedly linked to Russia's Main Intelligence Directorate, was behind last week's Bad Rabbit ransomware attack, CyberScoop reports.
Ukraine officials claim the group coordinated the attack, which disrupted operations at multiple organizations including government agencies, transportation services and news outlets throughout Ukraine and Russia, the agency wrote in a letter to CyberScoop Wednesday.
According to the letter, officials allege the attackers intended for Bad Rabbit to act as a smokescreen while they sent targeted phishing emails to various organizations in an attempt to gain access to "financial and confidential information." However, it is unclear whether Ukraine officials are also blaming Fancy Bear for the phishing component of the attacks.
"Given the scale of the infrastructure created for the attack (more than 50 pre-compromised sites, a number of leased servers and domain names), high qualifications of the developers of malicious software and unbiased performers, as well as the lack of mercenary motives for the purpose of attack, the [Security Service of Ukraine] has reason to suspect, that the group [Fancy Bear] is behind these events," the letter written by the Security Service of Ukraine and translated by CyberScoop reads.
More articles on cybersecurity:
A data breach cost $3.6M on average in 2017: 6 things to know