Microsoft discloses malware attack on Ukraine govt networks

BOSTON – Microsoft said precocious Saturday that dozens of machine systems astatine an unspecified fig of Ukrainian authorities agencies person been infected with destructive malware disguised arsenic ransomware, a disclosure suggesting an attention-grabbing defacement onslaught connected authoritative websites was a diversion. The grade of the harm was not instantly clear.

The onslaught comes arsenic the menace of a Russian penetration of Ukraine looms and diplomatic talks to resoluteness the tense stand-off look stalled.

Microsoft said successful a short blog post that amounted to the clanging of an manufacture alarm that it archetypal detected the malware connected Thursday. That would coincide with the onslaught that simultaneously took immoderate 70 authorities websites temporarily offline.

Ad

The disclosure followed a Reuters study earlier successful the time quoting a apical Ukrainian information authoritative arsenic saying the defacement was so screen for a malicious attack.

Separately, a apical backstage assemblage cybersecurity enforcement successful Kyiv told The Associated Press however the onslaught succeeded: The intruders penetrated the authorities networks done a shared bundle supplier successful a alleged supply-chain onslaught successful the manner of the 2020 SolarWinds Russian cyberespionage run targeting the U.S. government.

Microsoft said successful a different, method post that the affected systems “span aggregate government, non-profit, and accusation exertion organizations." It said it did not cognize however galore much organizations successful Ukraine oregon elsewhere mightiness beryllium affected but said it expected to larn of much infections.

Ad

“The malware is disguised arsenic ransomware but, if activated by the attacker, would render the infected machine strategy inoperable,” Microsoft said. In short, it lacks a ransom betterment mechanism.

Microsoft said the malware “executes erstwhile an associated instrumentality is powered down,” a emblematic archetypal absorption to a ransomware attack.

Microsoft said it was not yet capable to measure the intent of the destructive enactment oregon subordinate the onslaught with immoderate known menace actors. The Ukrainian information official, Serhiy Demedyuk, was quoted by Reuter s arsenic saying the attackers utilized malware akin to that utilized by Russian intelligence. He is lawman caput of the National Security and Defense Council.

A preliminary probe led Ukraine's Security Service, the SBU, to blasted the web defacement connected “hacker groups linked to Russia's quality services." Moscow has repeatedly denied engagement successful cyberattacks against Ukraine.

Ad

Tensions with Russia person been moving precocious successful caller weeks aft Moscow amassed an estimated 100,000 troops adjacent Ukraine’s border. Experts accidental they expect immoderate penetration would person a cyber component, which is integral to modern “hybrid” warfare.

Demedyuk told Reuters successful written comments that the defacement "was conscionable a screen for much destructive actions that were taking spot down the scenes and the consequences of which we volition consciousness successful the adjacent future.” The communicative did not elaborate and Demedyuk could not instantly beryllium reached for comment.

Oleh Derevianko, a starring backstage assemblage adept and laminitis of the ISSP cybersecurity firm, told the AP helium did not cognize however superior the harm was. He said besides chartless is what other the attackers mightiness person achieved aft breaking into KitSoft, the developer exploited to sow the malware.

In 2017, Russia targeted Ukraine with 1 of the astir damaging cyberattacks connected grounds with the NotPetya virus, causing much than $10 cardinal successful harm globally. That virus, besides disguised arsenic ransomware, was a alleged “wiper” that erased full networks.

Ad

Ukraine has suffered the unfortunate destiny of being the world's proving crushed for cyberconflict. Russia state-backed hackers astir thwarted its 2014 nationalist elections and concisely crippling parts of its powerfulness grid during the winters of 2015 and 2016.

In Friday's wide web defacement, a connection near by the attackers claimed they had destroyed information and placed it online, which Ukrainian authorities said had not happened.

The connection told Ukrainians to “be acrophobic and expect the worst.”

Ukrainian cybersecurity professionals person been fortifying the defenses of captious infrastructure since 2017, with much than $40 cardinal successful U.S. assistance. They are peculiarly acrophobic astir Russian attacks connected the powerfulness grid, obstruction web and cardinal bank.

Copyright 2022 The Associated Press. All rights reserved. This worldly whitethorn not beryllium published, broadcast, rewritten oregon redistributed without permission.