
    Framingham cybersecurity firm detects new attack in Ukraine


    The Framingham-based Internet security firm CyberX said it has spotted a new weapon in the ongoing cyberwar between Russia and Ukraine — a program called BugDrop that is being used to steal vast amounts of sensitive data from Ukrainian businesses and institutions.

    “It looks very professional ... and most important, very successful,” said CyberX co-founder Nir Giller, a former engineer for the Israel Defence Forces cybersecurity unit.

    Ukraine is already believed to be the target of a massive cyberwarfare campaign run by Russia, which annexed the Ukrainian territory of Crimea in 2014 and has been involved in a tense military standoff with Ukraine ever since.


    In 2015, an electrical outage cut power to 230,000 Ukrainian homes in what US authorities concluded was the world’s first successful hack of a nation’s electrical grid. A similar attack in late December 2016 cut power to a large part of the Ukrainian capital, Kiev.


    In BugDrop, attackers are using booby-trapped Microsoft Word documents to get inside computer systems and copy vital data, according to CyberX. The infected machines record all keystrokes, take screenshots of the monitor, and even activate the computer’s microphone to record voices. All the data is encrypted and sent to a Dropbox account.

    Giller estimated that BugDrop has collected up to 3 gigabytes of data per day since it was launched, probably last year.

    More than 70 organizations have been hit by BugDrop, including two Ukrainian newspapers, a company that makes oil and gas pipeline equipment, a company that designs water systems and electrical substations, and an international human rights organization.

    CyberX researchers also found infected computers in Russia, Austria, and Saudi Arabia.


    CyberX has not identified the perpetrators but noted that since BugDrop attackers would need ample resources, the attack could be state-sponsored. But they don’t know which state is behind it. Some of the targets are in regions of Ukraine dominated by pro-Russia separatists, leading Phil Neray, CyberX vice president of industrial cybersecurity, to question whether Moscow or Kiev is behind the BugDrop operation.

    Hiawatha Bray can be reached at hiawatha.bray@globe.com. Follow him on Twitter @GlobeTechLab.