Boston (AP) — Microsoft said late Saturday that dozens of computer systems from an unspecified number of Ukrainian government agencies were infected with destructive malware disguised as ransomware. The extent of the damage was not immediately clear.
The attack comes as the threat of a Russian invasion of Ukraine looms and diplomatic negotiations to resolve the tense standoff appear to be stalled.
In a short blog post, Microsoft said industry alerts had sounded and it was the first to detect the malware on Thursday. This is consistent with an attack that temporarily took about 70 government websites offline.
The disclosure followed a Reuters report earlier that day in which senior Ukrainian security officials said the website defacement was actually cover for a malicious attack.
Separately, a top private-sector cybersecurity executive in Kiev told The Associated Press how the attack succeeded: the intruders broke into government networks through a shared software supplier in a so-called supply chain attack, in the manner of the 2020 SolarWinds Russian cyber-espionage campaign that targeted the U.S. government.
In a separate technical post, Microsoft states that the affected system “straddles multiple governments, nonprofits, and information technology organizations.” It said it was not sure whether more organizations in Ukraine and elsewhere could be affected, but said it hopes to learn more about the infections.
“Malware is disguised as ransomware, but when activated by an attacker, it renders the infected computer system inoperable,” Microsoft said. In short, it lacks a ransom collection mechanism.
According to Microsoft, the malware “runs when the associated device is powered off,” and powering a device off is a typical initial reaction to a ransomware attack.
Microsoft said it has not yet been able to assess the intent of the destructive activity or associate the attacks with any known threat actor. Ukrainian security official Serhiy Demedyuk said the attackers used malware similar to that used by Russian intelligence, according to Reuters. He is the Deputy Secretary of the National Security and Defense Council.
Based on preliminary investigations, the SBU, a Ukrainian security service, has blamed the website defacement on “hacker groups linked to Russian intelligence.” Moscow has repeatedly denied involvement in cyberattacks on Ukraine.
Tensions with Russia have increased in recent weeks after Moscow massed an estimated 100,000 troops near the Ukrainian border. Experts say any aggression is expected to include a cyber component, which is essential to modern “hybrid” warfare.
The defacement was “just a cover of the more destructive behavior that was taking place behind the scenes and the consequences felt in the near future,” Demedyuk told Reuters. The story did not elaborate, and Demedyuk could not immediately be reached for comment.
Oleh Derevianko, a leading private-sector expert and founder of the ISSP cybersecurity company, told the AP that he didn’t know how serious the damage would be. He also said it was unclear what else the attackers could have achieved after breaking into KitSoft, a developer that was exploited to sow the malware.
In 2017, Russia targeted Ukraine with one of the most damaging cyberattacks on record, the NotPetya virus, which caused more than $10 billion in damage worldwide. The virus, disguised as ransomware, was a so-called “wiper” that wiped out entire networks.
Ukraine has the unfortunate fate of being a global testing ground for cyber conflict. Russian state-sponsored hackers nearly blocked its 2014 general elections and temporarily knocked out part of its power grid during the winters of 2015 and 2016.
In Friday’s mass website defacement, a message left by the attackers claimed they had destroyed data and placed it online, but Ukrainian officials say this did not happen.
The message told the Ukrainians to “fear and anticipate the worst.”
Ukrainian cybersecurity experts have strengthened the defense of critical infrastructure since 2017, with U.S. support exceeding $40 million. They are particularly concerned about Russian attacks on the power grid, railroad network and central banks.
Microsoft reveals malware attack on Ukrainian government network | WGN Radio 720