Chris Swagler | January 24th, 2022

Data-Wiping

The Cybersecurity and Infrastructure Security Agency (CISA) is urging United States companies to tighten their cybersecurity defenses against data-wiping attacks like those that recently targeted Ukrainian government agencies and businesses. According to BleepingComputer, Ukrainian government agencies and companies were targeted by coordinated cyberattacks that defaced their websites and deployed data-wiping malware to corrupt data and render Windows devices inoperable.

Sources informed a cybersecurity journalist that the threat operators used the CVE-2021-32648 vulnerability in the OctoberCMS platform to conduct the website defacements. The Ukraine Cyber Police say they are investigating threat operators' use of the Log4j vulnerabilities and stolen credentials to access networks and servers. Another victim was a Ukrainian IT services company that helped develop the websites, which raises concerns about a supply-chain attack. Originally, the website defacements and data-wiping attacks were thought to be two different attacks. However, Ukraine issued a statement that companies were hit by both attacks, leading them to believe they were coordinated.

There’s a high probability that the cyberattacks on the government agencies’ website interfaces (replacing displayed information) and the data destruction are intended to cause serious damage to the state electronic resource infrastructure. Ukraine says that Russia is responsible for the attacks, with security experts attributing the attacks to a state-sponsored hacking group, Ghostwriter, that has ties with Belarus.

CISA is urging United States companies and business leaders to implement various steps to prevent similar destructive attacks on their networks. Even though the recommendations by CISA are in response to the cyberattacks on Ukraine, the suggested steps will help prevent network intrusions that could lead to ransomware attacks.

Steps to Reduce Possible Damaging Cyber Intrusions:
Steps to Detect Potential Intrusions:
Maximize Resilience to Destructive Cyber Incidents:

 

With the recent data-wiping attacks against Ukrainian government agencies and organizations, CISA recommends that cybersecurity and IT personnel review its bulletin on mitigating Russian state-sponsored cyber threats to US-based critical infrastructure. Additionally, companies should remain alert to the latest threat landscape and take the precautionary steps mentioned above to reduce the risk of a potential cyber intrusion. At SpearTip, our certified engineers specialize in incident response capabilities and handling breaches. Our engineers continuously monitor companies’ networks at our Security Operations Centers for potential threats like data-wiping attacks. Our ShadowSpear Platform, our endpoint detection and response tool, integrates with cloud, network, and endpoint devices to provide extra security in preventing exploits and stopping the full attack cycle.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.