Ukraine’s security service SBU was so anxious to recap its success in exposing two massive “Kremlin-backed” hacking attacks that it apparently got defeated by a language barrier, puzzling Western journalists with convoluted text.
The arcane-sounding statement was published by the SBU last Saturday. In it, the agency reported its effort to counter two separate cyberattacks that took place last year.
“This autumn, massive phishing emails containing harmful software designed to steal sensitive information were distributed to the official emails of central executive authorities,” the statement described one attack. The hackers, it said, used a remote access trojan (RAT) called DarkTrack – or “full distance control” tool in SBU’s own words.
“The SBU officers established that after the opening of the malicious attachment, the file code was starting to implement a mechanism for full distance control of the affected computer. The SBU specialists found that the client part of the DarkTrack hacking software, after installation, was connecting to server hardware (command&control servers) with Russian IP-addresses,” the statement read.
Another tool described in the report was the encryption ransomware PSCrypt, which, according to the SBU, operates in this way: “The SBU operatives found that the hackers, using social engineering methods, organized massive distribution of phishing email to the official electronic addresses of local authorities.”
“The attached files contained malicious code designed to encrypt the data on information systems of regional critical infrastructure objects. The law enforcers established that opening the attached file triggered download of a malicious file to the affected computer. Once installed, the software carried out disks encryption and posted on the desktop information about the need to pay for decryption through anonymous electronic accounts.”
That attack was attributed to the Russian government because “in most cases, mentioned phishing emails came through Russian mail servers,” the statement said.
The intelligence service celebrated the defeat of “Kremlin hackers,” stating: “The instant response ensured prevention, localization and neutralization of these large-scale cyber-attacks. The SBU, as the key national security structure, will continue to take all necessary measures aimed at protecting the critical informational infrastructure of the state.”
The statement seems to have puzzled even AP’s cybersecurity writer Raphael Satter, who regularly covers malware and hacking stories. He asked his Twitter followers for some help in deciphering its meaning.
It turns out, however, that the Ukrainian-language version is just as difficult to comprehend. Despite how Ukraine prides itself of not being Russia, Ukrainian official security messages are packed with the same incomprehensible bureaucratic phrases that their Russian counterparts are often chided for.
What looked like a “translation error” to Alexander Martin of Sky News, was, in fact, the SBU statement saying the alleged Kremlin hackers used “domestic mail services” to conduct the DarkTrack attack.