NotPetya | CFR Interactives

NotPetya

Date of report

July 2017

Affiliations

Possibly linked to Sandworm.

Threat actors deploy a tool, called NotPetya, with the purpose of encrypting data on victims' machines and rendering it unusable. The malware was spread through tax software that companies and individuals require for filing taxes in Ukraine. Australia, Estonia, Denmark, Lithuania, Ukraine, the United Kingdom, and the United States issued statements attributing NotPetya to Russian state-sponsored actors. In June 2018, the United States sanctioned Russian organizations believed to have assisted the Russian state-sponsored actors with the operation.

Suspected victims

Rosneft
Cie de Saint-Gobain
Mondelez
The government of Ukraine

WPP Plc.
SNCF
Port of Rosario

Maersk
Merck
Kyivenergo

Suspected state sponsor

Russian Federation

Type of incident

Data destruction

Target category

Government
Private sector

Victim government reaction

Policy response

Denouncement

Suspected state sponsor response

Denial

Russian military was behind NotPetya cyberattack in Ukraine, CIA concludes
Everything You Need To Know about Petya
TeleBots Are Back: Supply-Chain Attacks Against Ukraine

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events