Microsoft finds ‘destructive’ malware in Ukraine


The disclosure is an added worry for Ukrainian government agencies after many of their websites were hacked this week and replaced with threatening messages to Ukrainians that their data had been compromised.

While it is unclear who was responsible for the dual cybersecurity incidents, they come as Russia has amassed tens of thousands of troops at the Ukraine border and after talks between the West and Moscow have failed to deescalate the situation.

The “destructive” computer code represents “an elevated risk to any government agency, non-profit or enterprise located or with systems in Ukraine,” Microsoft said in a blog post Saturday.

Microsoft researchers said the computer code was designed to look like ransomware, but that it lacked some of the common features of ransomware and was “inconsistent with cybercriminal ransomware activity.”

Scores of Ukrainian government websites were hacked between Thursday and Friday, many of them apparently via a single software provider named Kitsoft.

The Kyiv-based firm said Friday it was helping government websites restore connectivity. Ukrainian officials have said no personal data was leaked in the hacks.

Serhiy Demedyuk, deputy secretary of Ukraine’s national security and defense council, told Reuters that Ukraine blamed a hacking group linked with Belarusian intelligence for the website hacks. CNN has reached out to the Belarusian foreign ministry for comment.

Russia-linked hacking groups have a long history of wreaking havoc in Ukraine. The US Justice Department has blamed Russia’s GRU military intelligence agency for cyberattacks in 2015 and 2016 that cut power in parts of Ukraine, and for a crippling piece of malware known as NotPetya.

In 2017, NotPetya was unleashed on a Ukrainian accounting software firm, but the malicious code spread to multinational corporations like shipping giant Maersk, costing the global economy billions of dollars.


