Kiev airport cyberattack launched from Russian server says Ukraine

The malware detected in the IT network of Kiev international airport is reported to be similar to that used in the attack on Ukraine's three power stations in December 2015. The attack appeared to originate from a Russian server.

Following the cyberattack carried out on Boryspil international airport, Ukrainian authorities will review the security of government computers including the ones used at airports and railway stations.

Irina Kustovska, a spokeswoman for Ukraine's infrastructure ministry, told Reuters, "In connection with the case in Boryspil, the ministry intends to initiate a review of anti-virus databases in the companies which are under the responsibility of the ministry."

Andriy Lysenko, a military spokesman said, "The control center of the server, where the attacks originate, is in Russia." He also added that there was no sign of any damage although the malware was detected in the airport's system.

Meanwhile, the Computer Emergency Response Team (CERT-UA) issued a warning about more attacks. A spokeswoman for the airport said authorities were investigating whether the malware belongs to the BlackEnergy family. There are some signs indicating the attacks are all linked.

"Attention to all system administrators. We recommend a check of log-files and information traffic," warned CERT-UA.

On 23 December, western Ukraine suffered a power outage attributed to a cyberattack. According to cybersecurity experts, this is the first such incident wherein a power station was targeted by hackers.

Following the attack, cyber espionage analysis at iSight Partners discovered that the Russian hacking collective, Sandworm, was behind the attack. "However, we have linked Sandworm Team to the incident, principally based on BlackEnergy 3, the malware that has become their calling card," said John Hultquist, director, cyber espionage analysis at iSight Partners.