CISA Warns Organizations of ‘Critical Threats’ Following Ukraine Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations about “potential critical threats” following the recent cyberattacks aimed at Ukraine.

In a two-page “insights” document published on Tuesday, CISA advised all organizations — regardless of their size or sector — to immediately implement steps to reduce the likelihood of damaging breaches, quickly detect intrusions, ensure that they are prepared to respond to an intrusion, and improve their resilience to destructive attacks.

“This CISA Insights is intended to ensure that senior leaders at every organization in the United States are aware of critical cyber risks and take urgent, near-term steps to reduce the likelihood and impact of a potentially damaging compromise,” CISA said.

Tens of Ukrainian government websites were hacked last week, being defaced with messages suggesting the attack was in response to the country’s pro-Western stance. A majority of the sites have since been restored.

Russia has been blamed for the attack, but the Kremlin has denied the accusations, with the presidency claiming that “Russia has nothing to do with these cyberattacks.”

Microsoft said the operation involved a new and destructive piece of malware that the tech giant tracks as WhisperGate. The malware has been described as a master boot record wiper disguised as ransomware — WhisperGate appears to be ransomware, but it lacks a recovery mechanism for when victims pay the ransom.

An analysis of the malware conducted by Symantec showed that samples related to WhisperGate may have been deployed to unknown victims as early as October 2021.

The attackers breached Ukrainian government networks through a supply chain attack involving a third-party software supplier named Kitsoft, which has confirmed that its infrastructure had been compromised.

Ukrainian cybersecurity agencies said the attack involved exploitation of CVE-2021-32648, a vulnerability in the October CMS, as well as exploitation of the notorious Log4Shell flaw, and DDoS attacks.

The October CMS flaw allows attackers to gain access to user accounts by abusing the password reset process.

The October CMS vulnerability was added by CISA on Tuesday to its Known Exploited Vulnerabilities Catalog. Security holes added to this list must be patched by federal agencies within two weeks.

CISA’s warning comes just days after several U.S. government agencies issued a joint advisory to provide an overview of cyber operations linked to Russia. The advisory was published as tensions mount over a potential Russian invasion of Ukraine.

On one hand, the recent attacks aimed at Ukraine add to tensions. On the other hand, Russia for the first time announced that it has arrested alleged members of a notorious ransomware gang at the request of the United States.

Related: Five Key Signals From Russia’s REvil Ransomware Bust

Related: Ukraine Names Russian FSB Officers Involved in Gamaredon Cyberattacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
