Perspective: NotPetya Ushered in a New Era of Malware

Published 26 August 2019

In the summer of 2017, a software update for a popular Ukrainian accounting package pushed malware onto the systems of companies doing business in Ukraine. The attack stopped life in Ukraine and crippled the Western logistics supply chain, hitting shipping giant Maersk, postal company FedEx, and the Port of Rotterdam. That was just the beginning of a chain reaction masterminded by the Kremlin.

Roel Schouwenberg writes in Vice that pundits eagerly pointed out stolen code from the National Security Agency (NSA) within the malware to claim authority on the attack, effectively binding the NSA’s exploit and the attack together whenever either comes up. The lingering story that stuck in the public imagination: the Russian cyberattack was executed with the help of cyberweapons that the NSA lost control of.

The narrative that took shape showed a devastating failure of the US government, and turned public attention away from who was accountable for the attack. As a researcher who has extensively studied cyber operations and influence effects, I was gripped by how NotPetya appeared engineered to deflect attention away from who authored the attacks.

Schouwenberg says that NotPetya ushered in a new era of implant-enabled warfare where public opinion is as much the target as traditional IT systems. This wasn’t “hack and leak” or “inauthentic amplification” on social media. This is an information operation that uses malware to create a narrative, and it shows what the future of conflict looks like: one where malware not only disrupts our business operations but also targets our minds and influences media coverage. NotPetya created significant downtime and a whopping $10 billion in damages, but its most subversive impact was how it deceived the public.

“There are two defining milestones in the history of cyberwar via implant,” Schouwenberg writes.

One of them showcased clandestine tradecraft. The other utilized publicly-visible cross-domain effects. Both would have a profound influence on future cyber operations.

The first was Stuxnet, which targeted Iran’s nuclear centrifuges and physically damaged them. It combined the cyber domain with the realm of kinetic destruction. A clandestine operation which made for a riveting tale that’s pretty easy to comprehend. The goal of Stuxnet was to sabotage Iran’s nuclear program while evading discovery for as long as possible.

On the other hand, NotPetya’s multi-domain nature doesn’t let itself get defined quite as easily.