FireEye Assisting National Police of Ukraine with Recent EternalPetya Investigation

FireEye announced that it is working with the National Police of Ukraine to assist with its investigation into the recent EternalPetya attack.

At the end of June, the EternalPetya (also referred to as NotPetya or Petya by other sources) cyber attack severely affected many Ukrainian organisations including businesses, airports and government departments. It also disrupted the operations of some multinational organisations with ties to the Ukraine.

“This cyber attack reached a scale rarely seen in the Ukraine. It’s important we learn as much as possible about this attack in order to ensure the perpetrators face serious consequences. We asked FireEye to assist us with this investigation because of its deep expertise in forensic investigations and intelligence assessments”, explained Sergey Demediuk, Chief of the Cyber Police Department, National Police of Ukraine.

John Hultquist, Director of Cyber Espionage Analysis at FireEye added, “Our initial analysis of EternalPetya found many similarities with cyber attacks carried out by Sandworm Team, a Russia-based group. Sandworm Team has targeted the Ukraine in the past, most notably in December 2015 and then again in December 2016 when it caused the only known power outages attributed to a cyber attack. We believe the group is sponsored by the Russian government.”

FireEye is conducting forensic examinations of seized servers and workstations and is looking for evidence that would confirm the initial infection vector and how the machines helped spread the malware. The company is also examining telemetry data from these machines for intelligence purposes.