[5] In June 2017, the CERT-UA team, together with specialists from the Cyber Police, the Security Service of Ukraine, private companies and foreign partners, participated in countering and eliminating the consequences of large-scale hacker attacks against Ukraine.
In early 2023, the government's Computer Emergency Response Team (CERT-UA) investigated a cyberattack allegedly associated with the Sandworm group.
[6] To disable server hardware, automated user workstations and data storage systems, the attackers used legitimate software, namely the WinRAR file archiver.
The script recursively searched for files matching a specific list of extensions and then archived them using the legitimate WinRAR program with the "-df" option.
The above script was launched using a scheduled task, which, according to preliminary information, was created and centrally distributed by means of group policy (GPO).
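The behaviour described above can be hunted for in process-creation telemetry. WinRAR's "-df" switch deletes the source files once they are archived. The following Python sketch is an added example, not CERT-UA's tooling: it flags archiver launches that carry a delete switch, checks whether the process chain leads back to the Task Scheduler, and reports switches seen on two or more hosts, which is what a centrally distributed task would produce. It goes beyond "-df" to cover the related "-dr" and "-dw" switches; the event field names, host names, paths and the parent-process heuristic are assumptions, and the sample events are constructed.

```python
import ntpath
import re
from collections import defaultdict, namedtuple

# WinRAR/RAR switches that remove the source files once archived: -df, -dr, -dw.
DELETE_SWITCH = re.compile(r"(?<!\S)-(df|dr|dw)(?!\S)", re.IGNORECASE)
ARCHIVERS = {"rar.exe", "winrar.exe"}
Ev = namedtuple("Ev", "host guid parent image cmd")  # hypothetical event shape

def _name(path):
    return ntpath.basename(path or "").lower()

def is_task_scheduler(ev):
    """Assumed heuristic: taskeng.exe, or svchost.exe hosting the Schedule service."""
    return _name(ev.image) == "taskeng.exe" or (
        _name(ev.image) == "svchost.exe" and "-s schedule" in ev.cmd.lower())

def launched_by_task(ev, by_guid):
    """Walk parent links; a script host usually sits between task and archiver."""
    seen = set()
    while ev and ev.guid not in seen:
        seen.add(ev.guid)
        if is_task_scheduler(ev):
            return True
        ev = by_guid.get((ev.host, ev.parent))
    return False

def find_destructive_archiving(events):
    """Return (hits, fleet_wide): flagged launches, and switches seen on 2+ hosts."""
    by_guid = {(e.host, e.guid): e for e in events}
    hits, hosts = [], defaultdict(set)
    for ev in events:
        m = DELETE_SWITCH.search(ev.cmd)
        if _name(ev.image) in ARCHIVERS and m:
            sw = m.group(0).lower()
            hits.append((ev.host, sw, launched_by_task(ev, by_guid)))
            hosts[sw].add(ev.host)
    return hits, {sw: sorted(h) for sw, h in hosts.items() if len(h) >= 2}

# Constructed sample events; hosts, paths and file names are placeholders.
RAR = r"C:\Program Files\WinRAR\Rar.exe"
SAMPLE_EVENTS = [
    Ev("WS01", "a1", None, r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs -p -s Schedule"),
    Ev("WS01", "a2", "a1", r"C:\Windows\System32\cmd.exe", r"cmd.exe /c C:\ProgramData\job.bat"),
    Ev("WS01", "a3", "a2", RAR, r"Rar.exe a -df C:\Temp\a.rar C:\Users\u\doc.docx"),
    Ev("WS02", "b1", None, r"C:\Windows\System32\taskeng.exe", "taskeng.exe"),
    Ev("WS02", "b2", "b1", RAR, r"Rar.exe a -DF C:\Temp\b.rar C:\Users\v\sheet.xlsx"),
    Ev("WS03", "c2", "c1", RAR, r"Rar.exe a C:\Temp\backup.rar C:\Users\w\notes.txt"),
]
```

The third element of each hit separates task-driven launches from interactive use of the same switch, which helps keep routine archiving out of the alert queue.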