The Computer Emergency Response Team of Ukraine (CERT-UA) and the Foreign Intelligence Service of Ukraine have detected a new strain of the Pterodo Windows backdoor targeting computers at Ukrainian government agencies, leading officials in Kiev to warn of a pending large-scale cyber attack.
In an alert posted to the organization’s website, a CERT-UA official wrote:
CERT-UA together with the Foreign Intelligence Service of Ukraine found new modifications of Pterodo-type malware on computers of state authorities of Ukraine, which is likely to be the preparatory stage for a cyber attack. This virus collects system data, regularly sends it to command-control servers and expects further commands.
Pterodo, also known as Pteradon, is associated with the Gamaredon threat group, a group of attacks based largely on off-the-shelf software that have focused on Ukrainian military and government targets. Pterodo is a custom backdoor used to insert other malware and collect information. The latest version activates only on Windows systems with language localization for Ukrainian, Belarusian, Russian, Armenian, Azerbaijani, Uzbek, Tatar, and other languages associated with former Soviet states; this makes it more difficult to perform automated analysis of the malware with certain tools.