In June 2017, many of the banks, energy producers, local networks and state-owned media agencies in Ukraine were targeted by a malware oriented cyber attack from a hacking group named Cozy Bear aka APT29.
A detailed probe launched later proved that the group was being backed by Foreign Intelligence Service belonging to Russia, and the malware blocked most of the computer systems running on Windows PCs.
According to a press update released by National Police of Ukraine, over 1508 legal companies and individual business owners lodged complaints with the cyber department that their computer systems and networks were disrupted by the malware and the losses were estimated to be US $1.2 billion.
Now, after witnessing a cyber attack on FireEye in which a portion of data was accessed and stolen by cyber criminals the National Coordination Center for Cybersecurity (NCCC) based in Ukraine’s National Security and Defense Council(NSDC) released its detailed analysis over the attack and stated that the incident targeted almost all the US Federal Agencies and a server vulnerability in SolarWinds Orion Platform Product Management System is said to have led to the attack.
Ukraine has linked the attack to Cozy Bear and added in its website that it was similar to the Ransom: Win32/Petya attack that took place on its critical infrastructure in 2017.
So, NCCC is urging all the companies that are using SolarWinds Software to check for any compromise on their computer networks.
Note- Cozy Bear is reported to be affiliated to another big hacking group named Fancy Bear and is also known with other names such as Office Monkeys, Cozy Car, The Dukes, Cozy Duke, and Grizzly Steppe. This same Russia linked hacking group was also responsible for the leak of emails of Mrs Clinton in 2016 after a cyber attack took place on the emails server maintained by the Democratic National Committee in 2015.