Cyprus games writer denies links to malware found before Russian invasion
© Reuters. A man riding his bike in front of the Church of St. George, Ayios-Dhometios in Nicosia on February 24, 2022. REUTERS/Yiannis Kourtoglou
Michele Kambas, James Pearson
NICOSIA/LONDON – After the Russian invasion of Ukraine, a 24-year-old videogame developer runs his business from a small home in a suburb of Nicosia. Now, he is caught up in a worldwide crisis.
U.S. investigators have implicated Polis Trachonitis and Hermetica Digital Ltd in an attack on data security that targeted hundreds of computers in Ukraine, Latvia, and Lithuania.
The cyberattack, which was discovered on Wednesday night hours ahead of Russian troops entering Ukraine, is widely considered the first salvo in Moscow’s invasion.
According to researchers, the malware was signed with a digital certificate that had Hermetica Digital’s name printed on it. Some of them have begun calling the code “HermeticWiper” due to this connection.
Trachonitis told Reuters that he had nothing to do with the attack. He said he never sought a digital certificate and was unaware that one had been issued to his business.
According to him, his job in the videogame sector is just to write the code for games that others have put together.
“I don’t even write the code – I write stories,” he said, adding that he was unaware of the connection between his firm and the Russian invasion until he was told by a Reuters reporter on Thursday morning.
“I’m just an ordinary Cypriot guy … I have no connection to Russia.”
While it wasn’t clear how severe the damage caused by the malware attack was, cybersecurity firm ESET stated that malicious code was discovered on “hundreds” of machines.
For months Western leaders had warned of Russian cyberattacks against Ukraine.
Britain and America claimed that Russian military hackers caused an avalanche of distributed denial of service (DDoS) attacks last week. These DDoS attacks briefly shut down Ukrainian government and banking websites.
DIGITAL CERTIFICATE
Computer hackers routinely take the identities of strangers to register malware websites or rent server space.
Although the Hermetica Digital certificate had been issued in April 2021, the time stamp on the malicious code was Dec. 28, 2021.
ESET researchers wrote in a blog post that they believed these dates indicated that the attack might have been planned for some time.
If the Russians carried out the attack, which is commonly believed by U.S. defense officials and cybersecurity professionals, then time stamps can be significant data points that could help observers to determine when the plans for invasion of Ukraine were put together.
Jean-Ian Boutin, the head of threat research at ESET, told Reuters that there are many ways a malicious actor can fraudulently get a code signing certificate.
Boutin said that they could obtain it themselves or on the black market.
As such, we may not know the exact date of the operation, but it’s possible the threat actor has obtained the code signing certificate for the campaign.
Ben Read, director of cyber espionage analysis at Mandiant, said that it is possible for a group to “impersonate” a company in communications with a certificate provider and fraudulently obtain a valid certificate.
Symantec, a cybersecurity company, said that Wednesday’s attack had taken place against organisations working in the IT, defense, and financial services industries. DigiCert was the company that issued the digital certificate. It did not respond immediately to a request.
Juan-Andres Guerrero Saade, a cybersecurity researcher for digital security company SentinelOne, said that the attackers’ purpose was obvious: to “damage, disable, signal, cause havoc”.
