The computer networks installed at the main airport in Kiev, Ukraine, have been identified as containing malware.
According to the report, the infected IT network held sensitive data and systems, including the airport’s traffic control system. Military spokesman Andriy Lysenko told Reuters that the malware’s command and control server (C&C server) was located in Russia.
A C&C server is an external server that software (usually malware) contacts to receive further instructions.
Lysenko also said that the malware had caused no apparent damage. Expert opinion, however, appears divided, since many believe it is too early to draw conclusions about who is behind the attack.
Robert M. Lee, CEO of Dragos Security and a former US Air Force cyberwarfare operations officer, told Motherboard that:
“The report says the command and control server is in Russia: it is normal to be able to compromise locations around the world and use, so just because the IP address says Russia means very little for attribution.”
In a Twitter message, Lee highlighted an important aspect of the incident. His post read:
I've seen the reports on the cyber attack on the Ukrainian airport but there's no data/evidence presented so I'll hold judgement until then
— Robert M. Lee (@RobertMLee) January 18, 2016
The security community has been eyeing Ukraine quite intensively lately as the country has become a victim of a number of coordinated cyber-attacks.
Recently, the country’s main power grid was attacked with malware and, as a result, several areas in Ukraine went dark.
This could be partially attributed to the presence of an improved version of BlackEnergy, a malware family that has become a preferred tool of hackers for carrying out cyber-crimes and for attacking engineering systems.
Researchers have attributed the attacks on Ukraine and Russia to the so-called Sandworm hacking collective.
Ukraine’s Computer Emergency Response Team (CERT-UA) issued a warning to system administrators on Monday regarding the possibility of “potential attacks using [BlackEnergy].”
In the same briefing, a list of suspicious IP addresses was also given to the admins so that they could check their systems’ logs against it.
“We recommend checking the log files and information flows for the presence/absence of these indicators,” the CERT team stated.
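A minimal version of the log check CERT-UA recommends, as an added example that is not from the article or from CERT-UA: the indicator addresses and the log lines below are constructed placeholders from documentation IP ranges, not the advisory’s real list, and a hit is a lead for investigation rather than attribution.

```python
import ipaddress
import re
from collections import Counter

# Constructed indicator set standing in for the advisory's IP list (TEST-NET
# documentation ranges; placeholders, not real indicators).
INDICATORS = {"203.0.113.7", "198.51.100.42"}
INDICATOR_NETS = [ipaddress.ip_network("192.0.2.0/28")]  # constructed CIDR indicator

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_ips(line):
    """Return every syntactically valid IPv4 address found in a log line."""
    found = []
    for token in IPV4_RE.findall(line):
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:
            continue  # e.g. 999.1.1.1 matches the regex but is not an address
    return found


def is_indicator(ip):
    """True if the address is listed exactly or falls inside a listed network."""
    return str(ip) in INDICATORS or any(ip in net for net in INDICATOR_NETS)


def sweep(lines):
    """Return (line_number, indicator_ip, line) for each log line that hits."""
    hits = []
    for number, line in enumerate(lines, 1):
        for ip in extract_ips(line):
            if is_indicator(ip):
                hits.append((number, str(ip), line.rstrip()))
    return hits


def summarize(hits):
    """Count hits per indicator so analysts see which addresses are talking most."""
    return Counter(ip for _, ip, _ in hits)


# Constructed sample lines: firewall, proxy, benign DNS, inbound SSH, malformed field.
SAMPLE_LOGS = [
    "Jan 18 03:14:07 fw1 kernel: IN=eth0 SRC=10.0.5.23 DST=203.0.113.7 DPT=443 ACCEPT",
    "Jan 18 03:14:09 proxy squid: 10.0.5.23 TCP_MISS/200 GET http://198.51.100.42/upd.bin",
    "Jan 18 03:15:00 fw1 kernel: IN=eth0 SRC=10.0.5.24 DST=8.8.8.8 DPT=53 ACCEPT",
    "Jan 18 03:16:31 fw1 kernel: IN=eth0 SRC=192.0.2.9 DST=10.0.5.10 DPT=22 DROP",
    "Jan 18 03:17:00 app: bad field 999.1.1.1 ignored",
]

if __name__ == "__main__":
    for number, ip, line in sweep(SAMPLE_LOGS):
        print(f"line {number}: indicator {ip}: {line}")
    print(summarize(sweep(SAMPLE_LOGS)))
```

Both directions matter: the firewall line hits on a destination address (outbound beaconing) while the SSH line hits on a source address (inbound from a listed host).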
The Reuters report also said that a spokesperson for the targeted airport stated that the matter was being investigated by Ukrainian authorities.
They were trying to determine whether the malware that infected the computer network of Boryspil airport was BlackEnergy. The main concern is that if it was BlackEnergy, it could already have given the hackers valuable information by letting them access the system in the same way as when the national power grid was targeted.