Microsoft discloses malware attack on Ukraine govt networks


PTI, Jan 16, 2022, 11:10 AM IST

Microsoft said late Saturday that dozens of computer systems at an unspecified number of Ukrainian government agencies have been infected with destructive malware disguised as ransomware, a disclosure suggesting an attention-grabbing defacement attack on official websites was a diversion. The extent of the damage was not immediately clear.

The attack comes as the threat of a Russian invasion of Ukraine looms and diplomatic talks to resolve the tense stand-off appear stalled. Microsoft said in a short blog post that amounted to the clanging of an industry alarm that it first detected the malware on Thursday. That would coincide with the attack that simultaneously took some 70 government websites temporarily offline. The disclosure followed a Reuters report earlier in the day quoting a top Ukrainian security official as saying the defacement was indeed cover for a malicious attack.

Separately, a top private sector cybersecurity executive in Kyiv told The Associated Press how the attack succeeded: The intruders penetrated the government networks through a shared software supplier in a so-called supply-chain attack in the fashion of the 2000 SolarWinds Russian cyberespionage campaign targeting the U.S. government. Microsoft said in a different, technical post that the affected systems “span multiple government, non-profit, and information technology organizations.” It said it did not know how many more organizations in Ukraine or elsewhere might be affected but said it expected to learn of more infections.

“The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable,” Microsoft said. In short, it lacks a ransom recovery mechanism.

Microsoft said the malware “executes when an associated device is powered down,” a typical initial reaction to a ransomware attack.

Microsoft said it was not yet able to assess the intent of the destructive activity or associate the attack with any known threat actors. The Ukrainian security official, Serhiy Demedyuk, was quoted by Reuter s as saying the attackers used malware similar to that used by Russian intelligence. He is deputy secretary of the National Security and Defense Council.

A preliminary investigation led Ukraine’s Security Service, the SBU, to blame the web defacement on “hacker groups linked to Russia’s intelligence services.” Moscow has repeatedly denied involvement in cyberattacks against Ukraine.

Tensions with Russia have been running high in recent weeks after Moscow amassed an estimated 100,000 troops near Ukraine’s border. Experts say they expect any invasion would have a cyber component, which is integral to modern “hybrid” warfare. Demedyuk told Reuters in written comments that the defacement ”was just a cover for more destructive actions that were taking place behind the scenes and the consequences of which we will feel in the near future.” The story did not elaborate and Demedyuk could not immediately be reached for comment.

Oleh Derevianko, a leading private sector expert and founder of the ISSP cybersecurity firm, told the AP he did not know how serious the damage was. He said also unknown is what else the attackers might have achieved after breaking into KitSoft, the developer exploited to sow the malware.

In 2017, Russia targeted Ukraine with one of the most damaging cyberattacks on record with the NotPetya virus, causing more than $10 billion in damage globally. That virus, also disguised as ransomware, was a so-called “wiper” that erased entire networks. Ukraine has suffered the unfortunate fate of being the world’s proving ground for cyberconflict. Russia state-backed hackers nearly thwarted its 2014 national elections and briefly crippling parts of its power grid during the winters of 2015 and 2016. In Friday’s mass web defacement, a message left by the attackers claimed they had destroyed data and placed it online, which Ukrainian authorities said had not happened.

The message told Ukrainians to “be afraid and expect the worst.” Ukrainian cybersecurity professionals have been fortifying the defenses of critical infrastructure since 2017, with more than USD 40 million in U.S. assistance. They are particularly concerned about Russian attacks on the power grid, rail network and central bank.

Udayavani is now on Telegram. Click here to join our channel and stay updated with the latest news.

Top News

Karnataka invites UK varsity to set up campus in Bengaluru

I will play IPL next year, will be unfair not to say thank you to Chennai: MS Dhoni

Chhattisgarh: Woman jumps into Chitrakote waterfall, video goes viral

Ram Temple idol installation in Jan 2024: Vishwaprasanna Teertha Swamiji of Pejawar Matha

Prepared for BBMP elections, welcome SC order: Karnataka CM

Gang of international smugglers held with 218 kg of heroin worth Rs 1,500 crore off Lakshadweep coast

Bommai to participate in annual meet of World Economic Forum in Switzerland


Related Articles More

Pak top election body “de-seats” 25 dissident lawmakers of Imran Khan’s Tehreek-e-Insaf

Canadian MP Chandra Arya speaks in Kannada in Parliament

Mangoes are symbol of friendship between India, US: Ambassador Sandhu

Cargo vessel carrying 1,600 tonnes of wheat from India sinks in Bangladesh river: officials

Afghan Taliban order women TV anchors to cover their faces

MUST WATCH

Kalasa Crime : CCTV Footage found

The success formula of dairy farming

NEWS BULLETIN 20-05-2022

SSC Result : Sirsi Governament School Students Achivement

Important Health Tips Must Watch


Latest Additions

Over 20 shops gutted in massive fire at Delhi’s Jhandewalan cycle market

Karnataka invites UK varsity to set up campus in Bengaluru

I will play IPL next year, will be unfair not to say thank you to Chennai: MS Dhoni

Udupi: 45-year-old man ventures out at night, goes missing

Chhattisgarh: Woman jumps into Chitrakote waterfall, video goes viral

Thanks for visiting Udayavani

You seem to have an Ad Blocker on.
To continue reading, please turn it off or whitelist Udayavani.