The National Cyber Coordination Centre (NCCC) under the National Security and Defense Council of Ukraine says that a cyberattack on the System of Electronic Interaction of Executive Bodies may be linked to the hacker spy group Gamaredon (Russia).

According to the National Security and Defense Council, the cyberattack using document management systems was carried out through the electronic document management system ASKOD. The attack involved 14 domains of the .ru segment and the IP address "188.225.37.128".

"The cyberattack can be linked to one of the hacker spy groups from the Russian Federation, Pterodo/Gamaredon," the National Security and Defense Council said in a statement. The NCCC of the National Security and Defense Council recommends blocking the firewall if possible and monitoring the following IP address ranges that are commonly used by this group: "176.53.162.0 - 176.53.163.255", "188.225.24.0 - 188.225.27.255", "188.225.44.0 - 188.225.47.255", "188.225.78.0 - 188.225.78.255", "188.225.79.0 - 188.225.79.255", "2.59.40.0 - 2.59.41.255", "2.59.42.0 - 2.59.43.255", "92.53.124.0 - 92.53.125.255", "185.231.153.0 - 185.231.153.255", "5.252.192.0 - 5.252.195.255", "141.8.195.0 - 141.8.195.255", "91.210.170.0 - 91.210.170.255", "5.23.52.0 - 5.23.52.255".

Earlier, the National Cyber Coordination Centre under the National Security and Defense Council of Ukraine recorded attempts to distribute harmful documents through the System of electronic interaction of executive authorities. The purpose of the attack was the mass contamination of information resources of government agencies, because this system provides the flow of documents in most government agencies.