NICOSIA – A videogame designer in Cyprus said he had no part in Russian cyberattacks that hit hundreds of computers in Ukraine, Lithuania, and Latvia just as Russia was invading Ukraine.
Polis Trachonitis’ firm, Hermetica Digital, was implicated by American researchers in the data-shredding electronic attack that used malware signed using a digital certificate with the company’s name on it, said Reuters.
Some of the researchers began calling the malicious code “HermeticWiper” because of the connection, but Trachonitis told the news agency he had nothing to do with the attack.
He said he didn’t even know a digital certificate had been issued to his firm and said his role is just to write the text for games that others put together.
“I don’t even write the code – I write stories,” he said, adding that he was unaware of the connection between his firm and the Russian invasion until he was told by a Reuters reporter.
“I’m just a Cypriot guy … I have no link to Russia,” he insisted.
It wasn’t clear how much damage the attack caused, but the cybersecurity firm ESET said the malicious code had been found installed on “hundreds of computers in the affected countries.”
That came as Britain and the United States said Russian military hackers were behind distributed denial of service (DDoS) attacks that briefly knocked Ukrainian banking and government websites offline.
The Hermetica Digital certificate was issued in April 2021, but the time stamp on the malicious code was Dec. 28, 2021. ESET researchers said in a blog post those dates suggested that “the attack may have been in the works for some time.”
If the attacks came from Russia, the time stamps could be critical information for determining how the invasion was planned. ESET’s head of threat research, Jean-Ian Boutin, told Reuters there were various ways in which a malicious actor could fraudulently obtain a code signing certificate.
“They can obviously obtain it themselves, but they can also buy it in the black market,” Boutin said.
“As such, it is possible that the operation dates back further than we previously knew, but it is also possible that the threat actor acquired this code signing certificate recently, just for this campaign,” he added.
Ben Read, Director of Cyber Espionage analysis at Mandiant, said it was possible that a group could “impersonate a company in communications with a digital cert providing company and get a legitimate cert fraudulently issued to them.”