NotPetya/GoldenEye back in the spotlight: UK officially points finger to Kremlin for June 2017 cyberattack

2017 has already gone down as the worst year on record from a cybersecurity standpoint. But the world is still not over the two infamous attacks deployed by hackers in May (WannaCry) and June (NotPetya/Goldeneye) of last year, which together dealt billions of dollars’ worth of damages to victims worldwide.

After conducting scrupulous assessments in the wake of June’s NotPetya/GoldenEye pandemic, the UK’s cybersecurity watchdog claims it knows Russia was behind it. And it wants Russia to know it is not having it anymore.

A letter signed by the Foreign & Commonwealth Office, National Cyber Security Centre, and Lord Ahmad of Wimbledon reads:

“The UK’s National Cyber Security Centre assesses that the Russian military was almost certainly responsible for the destructive NotPetya cyber-attack of June 2017. Given this is the highest level of assessment and the broader context, the UK government has made the judgement that the Russian government was responsible for this cyber-attack.”

“The attack masqueraded as a criminal enterprise but its purpose was principally to disrupt. Primary targets were Ukrainian financial, energy and government sectors. Its indiscriminate design caused it to spread further, affecting other European and Russian business.”

Ahmad said the UK Government “judges” that the malware was crafted and subsequently deployed by none other than the Russian military, adding that “The attack showed a continued disregard for Ukrainian sovereignty. Its reckless release disrupted organisations across Europe costing hundreds of millions of pounds” – a figure already circulated by the media after victims released financial statements mentioning the losses incurred by the attack.

As avid readers might remember, NotPetya/ GoldenEye’s total financial damage was ultimately calculated at over 1 billion US Dollars.

“The Kremlin has positioned Russia in direct opposition to the West yet it doesn’t have to be that way,” Ahmad continues his denunciatory message. “… The United Kingdom is identifying, pursuing and responding to malicious cyber activity regardless of where it originates, imposing costs on those who would seek to do us harm.”

Most cybersecurity experts agree that NotPetya/GoldenEye was merely crafted to work like ransomware but was instead primarily aimed at destabilizing Ukraine – not necessarily to turn a profit for the attackers.

After hitting Ukraine, the malware spread to several other European countries (including the UK), disrupting international power distributors, pharmaceutical companies, banks, advertisers, law firms, public transport, even airports.

The UK is not at its first warning that it will respond accordingly when faced with such mischievousness. Eight months ago, the country’s defense secretary Sir Michael Fallon  threatened to deploy “air, land, sea or cyber space” attacks onto hackers caught infiltrating British government systems.

Leave a Reply