
The 2017 NotPetya cyberattack originated in Ukraine and rapidly spread worldwide, causing billions of dollars in damage. The source explains how the attack propagated through tax accounting software and leveraged stolen NSA exploits, disguising itself as ransomware while actually functioning as wiper malware designed to destroy data.
The video suggests that the attack was carried out by the Russian hacker group Sandworm and may have had dual objectives: not only inflicting damage but also covering up traces of prior cyber-espionage operations. It also discusses the lack of global accountability for such cyberattacks, despite their devastating consequences.
Attack Vector: Spread via compromised tax software (M.E.Doc) and repurposed NSA exploits (EternalBlue).
Disguise: Masqueraded as ransomware (demanding payment) but was data-destructive wiper malware.
Attribution: Strongly linked to Sandworm (Russian GRU-linked hackers).
Possible Motive: Beyond disruption, may have aimed to erase evidence of earlier espionage.
Aftermath: Highlights the absence of international consequences for state-sponsored cyberattacks.