NotPetya
Date of report
  • July 2017
Affiliations
  • Possibly linked to the same threat actors who designed Black Energy
Threat actors deploy a tool, called NotPetya, with the purpose of encrypting data on victims' machines and rendering it unusable. The malware was spread through tax software that companies and individuals require for filing taxes in Ukraine. Australia, EstoniaDenmark, Lithuania, Ukraine, the United Kingdom, and the United States issued statements attributing NotPetya to Russian state-sponsored actors. In June 2018, the United States sanctioned Russian organizations believed to have assisted the Russian state-sponsored actors with the operation. 
Suspected victims
  • Rosneft
  • Cie de Saint-Gobain
  • Mondelez
  • The government of Ukraine
  • WPP Plc.
  • SNCF
  • Port of Rosario
  • Maersk
  • Merck
  • Kyivenergo
Suspected state sponsor
  • Russian Federation
Type of incident
  • Data destruction
Target category
  • Government
  • Private sector
Victim government reaction
  • Yes
Policy response
Suspected state sponsor response