Dozens of computer systems used by the Ukrainian government were compromised after being attacked by destructive malware.
Microsoft disclosed the security breach in a blog post published late on Jan. 15. The malware had been disguised as ransomware, causing further scrutiny and concern.
Tom Burt, the Corporate Vice President of Customer Security & Trust, said the company was disclosing the attack to “help others in the cybersecurity community look out for and defend against these attacks.”
“At this time, we have not identified notable overlap between the unique characteristics of the group behind these attacks and groups we’ve traditionally tracked but we continue to analyze the activity,” Burt said.
The announcement did not specifically identify the agencies targeted in the attack. Burt described them as “government agencies that provide critical executive branch or emergency response functions.”
Another compromised computer system belonged to an unnamed “IT firm that manages websites for public and private sector clients, including government agencies whose websites were recently defaced.”
Microsoft first detected the malware on Jan.13, 2022, the day 70 government websites went offline temporarily, per AP News. The Ukrainian government believes Russia was involved in the incident.
According to the statement, the company notified other possibly vulnerable government agencies of the attack bot in the United States and elsewhere.
“It is possible more organizations have been infected with this malware and the number of impacted organizations could grow,” the company said. “We see no indication so far that these attacks utilize any vulnerability in Microsoft products and services.”
Ukraine is in the middle of diplomatic talks with Russia after the neighboring nation built up its military presence along the border during the final weeks of 2021. Encampments of thousands of troops were observed through satellite images prompting concerns of an impending Russian invasion.
Russia has denied it intends to invade but has also asked for American and European leaders to guarantee Ukraine would not be admitted to the NATO alliance. An attack on one member of NATO is regarded as an attack on the collective under the terms of the agreement.
Moscow also wants assurance that no troops or missiles will be deployed to Ukraine.
US officials have “warned that operatives have been sent inside Ukraine to carry out ‘sabotage attacks’ against Russia proxies and Kremlin-linked ‘influence actors’ are flooding social media in the country with false claims about Ukrainian provocations to justify Moscow intervening,” reports The New York Post.
Russian, US, and NATO officials held diplomatic talks last week in Geneva but reportedly fell apart.
On Jan. 16, the Ukrainian Ministry of Digital Development released a statement accusing Russia of releasing the malware as a part of a “hybrid war” and with the intentions of destabilizing public trust in the government.
“All evidence indicates that Russia is behind the cyberattack. Moscow continues to wage a hybrid war and is actively building up its forces in the information and cyberspaces.”
“We have nothing to do with it. In a public response, Russia has nothing to do with these cyber-attacks,” Dmitry Peskov, Russian President Vladimir Putin’s spokesperson, said in a public response.
