‘State actor’ behind NotPetya cyberattack, expect ‘countermeasures’ – NATO experts
The so-called NotPetya attack hit Ukrainian government systems, as well as networks in 64 other countries, causing an unprecedented scale of disruption.
NATO now argues the cyber ambush violated Ukraine’s sovereignty and countermeasures could be expected, including sabotage.
Secretary General Jens Stoltenberg said cyber operations against a NATO member state could trigger Article 5 of the North Atlantic Treaty, demanding a collective military response. Ukraine is not a member of the bloc.
Kiev has since pointed the finger at Russia for the attack, while NATO said it could “most likely be attributed to a state actor.”
“A countermeasure could be, for example, a cyber operation sabotaging the offending state’s government IT systems, but it does not necessarily have to be conducted by cyber means,” NATO Cooperative Cyber Defense Center of Excellence researcher Tomas Minarik said in a statement this week.
“If the operation could be linked to an ongoing international armed conflict, then law of armed conflict would apply, at least to the extent that injury or physical damage was caused by it, and with respect to possible direct participation in hostilities by civilian hackers,” he added.
“But so far there are reports of neither.”
A report from NATO showed that although the attack had cost billions of dollars to the Ukrainian state, the damage was not comparable to a military strike.
The attack follows the recent WannaCry strike on a series of computer systems in Britain’s hospitals. It was reported that North Korean hackers were likely behind the attack.
“It seems likely that the more sophisticated and expensive NotPetya campaign is a declaration of power; a demonstration of acquired disruptive capability and readiness to use it,” NATO cyber expert Lauri Lindstrom said.
Now the company blamed for allowing NotPetya to slip through the system is being threatened with criminal charges. Accounting software firm MeDoc had its main system hacked and used to send out malware to the attack’s victims.