Qilin Ransomware Gang Claims Breach of Ukraine's Ministry of Foreign Affairs
In a significant cybersecurity attack, the Russian-speaking Qilin Ransomware group has claimed responsibility for breaching the Ministry of Foreign Affairs of Ukraine. This marks a notable escalation in the ongoing conflict between Russia and Ukraine, which has been characterized by increasingly sophisticated and targeted cyberattacks.
The Qilin ransomware group, which has been active since at least 2022, gained notoriety last month for targeting Synnovis, a UK governmental service provider for healthcare. However, their latest attack on the Ministry of Foreign Affairs of Ukraine surpasses it in severity and scope.
The Attack: A Look at the Stolen Data
The Qilin ransomware group has announced that they have stolen sensitive data from the Ministry of Foreign Affairs of Ukraine, including private correspondence, personal information, and official decrees. The group claims to have already sold some of this data to third parties, further underscoring the severity of the attack.
A collection of images showcasing the stolen documents has been published by the group on its Tor leak site as proof of the attack. While the Ministry of Foreign Affairs of Ukraine has yet to confirm the data breach, it is clear that the Qilin ransomware group has obtained a significant amount of sensitive information.
The Ransomware Group's Modus Operandi
The Qilin ransomware group typically employs "double extortion" tactics, stealing and encrypting victims' data before threatening to expose it unless a ransom is paid. This approach has proven effective in the past, with the group claiming responsibility for attacks on Synnovis and Lee Enterprises earlier this year.
Post-Exploitation Activities
In the case of the Ministry of Foreign Affairs of Ukraine, the attackers breached the organization via compromised credentials for a VPN portal that lacked multi-factor authentication (MFA). The threat actors conducted post-exploitation activities 18 days after initial access, further highlighting their sophistication and expertise.
Hybrid Warfare in the Ongoing Conflict
The attack on the Ministry of Foreign Affairs of Ukraine can be seen as part of the escalating hybrid warfare in the ongoing conflict between Russia and Ukraine. The use of hacktivists and cybercrime groups aligned with the Kremlin's strategy has become increasingly prevalent, making it essential for organizations to remain vigilant and proactive in their cybersecurity measures.
Stay tuned for further updates on this developing story as more information becomes available.