1. What tools did the hackers use in this podcast?
First, they used a worm that infects a system and self-replicates, with the goal of taking the infected systems offline. The worm included a tool called Mimikatz, which accesses a computer's lsass.exe process to obtain the cleartext usernames and passwords that users have entered, as well as a tool that infects the master boot record so that the machine reboots and encrypts itself. They also used EternalBlue, a dangerous hacking tool that uses the Windows Server Message Block (SMB) protocol to run code remotely and gain access to Windows systems.
2. We know Ukraine was the target, but what was the goal of this cyberattack?
Their goal was to take down as much of Ukraine's cyber infrastructure as they could; this included the military, government, business, and even the private sector. To achieve this while limiting the attack to Ukraine, they targeted MeDoc, a widely used accounting software in Ukraine. They would hijack the server used to send out MeDoc updates and use it to send infected updates containing the Mimikatz/EternalBlue worm to devices using MeDoc.
3. What events happened on Tuesday, June 27th, 2017?
On June 27, 2017, they successfully accessed the MeDoc server, uploaded the virus, and sent it to many of the devices using MeDoc in Ukraine. It would infect the updated PC, and from there it would spread to PCs on the same network. Mimikatz would collect passwords from lsass.exe, and if it could not obtain a password to access a device, it would try EternalBlue to gain access. After infecting a PC, it would encrypt all the data on it, making it virtually useless.
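The spreading pattern described above (credentials read from lsass.exe, followed by connections to other PCs on the same network, with EternalBlue travelling over SMB on TCP 445) is something defenders can look for in endpoint logs. The following Python is an added example, not material from the podcast; the log format, host names, process names, time window and threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified key=value format (an assumption).
# Real-world analogues: Sysmon Event ID 10 (ProcessAccess) and ID 3 (NetworkConnect).
SAMPLE_LOG = """\
2017-06-27T10:30:05 host=ACCT-PC01 event=process_access source=update_child.exe target=lsass.exe
2017-06-27T10:30:20 host=ACCT-PC01 event=net_connect dst=10.0.0.12 port=445
2017-06-27T10:30:21 host=ACCT-PC01 event=net_connect dst=10.0.0.13 port=445
2017-06-27T10:30:23 host=ACCT-PC01 event=net_connect dst=10.0.0.14 port=445
2017-06-27T10:31:00 host=HR-PC07 event=net_connect dst=10.0.0.5 port=445
2017-06-27T10:32:00 host=DEV-PC02 event=process_access source=av_scanner.exe target=lsass.exe
2017-06-27T10:32:30 host=DEV-PC02 event=net_connect dst=10.0.0.5 port=445
"""

def parse_line(line):
    """Split one log line into (timestamp, dict of key=value fields)."""
    stamp, *pairs = line.split()
    return datetime.fromisoformat(stamp), dict(p.split("=", 1) for p in pairs)

def find_worm_like_hosts(log_text, window_seconds=300, min_targets=3):
    """Return {host: sorted SMB peers} for hosts that touched lsass.exe and then
    reached at least min_targets distinct peers on TCP 445 within the window."""
    window = timedelta(seconds=window_seconds)
    lsass_access = {}             # host -> time of first lsass.exe access
    smb_peers = defaultdict(set)  # host -> peers contacted after that access
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e[0])
    for when, ev in events:
        host = ev["host"]
        if ev["event"] == "process_access" and ev.get("target", "").lower() == "lsass.exe":
            lsass_access.setdefault(host, when)
        elif ev["event"] == "net_connect" and ev.get("port") == "445":
            start = lsass_access.get(host)
            # Count only SMB connections made shortly after the lsass.exe access.
            if start is not None and when - start <= window:
                smb_peers[host].add(ev["dst"])
    return {h: sorted(p) for h, p in smb_peers.items() if len(p) >= min_targets}

if __name__ == "__main__":
    for host, peers in find_worm_like_hosts(SAMPLE_LOG).items():
        print(f"{host}: lsass.exe access followed by SMB fan-out to {peers}")
```

Requiring both signals keeps a lone lsass.exe read (DEV-PC02) or ordinary file-share traffic (HR-PC07) from raising an alert on its own.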
4. What companies were affected by this NotPetya attack?
The first company directly affected was Oschadbank, which at the time was the national bank of Ukraine. The worm ended up spreading to businesses outside of Ukraine that also used MeDoc, including FedEx, Maersk, Merck, Saint-Gobain, Reckitt Benckiser, Mondelez, and "countless others." It also, ironically, hit a Russian oil company, Rosneft, as well as EVRAZ and Vitro. As for those affected overall, NotPetya caused ripples throughout the world's economy, affecting most companies in some way, shape, or form.