Microsoft: Unlikely we’ve seen full scope of ‘destructive’ Ukrainian cyberattack

17 Jan 2022

Image: © motortion/Stock.adobe.com

Microsoft warned the cyberattack could be bigger than initially feared, while Ukraine said ‘evidence points to Russia’ as the culprit.

A “destructive” cyberattack in Ukraine may have impacted more organisations that originally thought, according to Microsoft.

Last week, it emerged that a cyberattack had hit Ukraine and knocked out more than a dozen government websites.

But the Microsoft Threat Intelligence Center said on Saturday night (15 January) that it has identified evidence of a “destructive malware operation targeting multiple organisations in Ukraine”.

It said this malware, which first appeared on 13 January, is designed to look like ransomware but doesn’t have a ransom recovery mechanism. Instead, the aim is to be destructive and make targeted devices inoperable.

Microsoft teams have identified the malware on dozens of systems, impacting government, non-profit and IT organisations in Ukraine. This includes government agencies that provide critical or emergency response functions and a tech company that manages websites for public and private sector clients such as government agencies.

But Microsoft said that number could grow as investigations continue and it is “unlikely these impacted systems represent the full scope” of the incident.

The company added that it was “aware of the ongoing geopolitical events in Ukraine” and believed the malware incident represents an “elevated risk” to any government agency, non-profit or enterprise located or with systems in Ukraine.

‘Evidence points to Russia’

The attack comes amid continuing conflict with Russia. Tensions between the neighbouring countries have been building in recent months and there are now fears that Moscow is planning military action.

Microsoft said it couldn’t confidently identify the actor behind last week’s cyberattack, but Ukraine and others are suggesting the blame could lie with Russia.

“All the evidence points to Russia being behind the cyberattack,” the Ukrainian digital transformation ministry said in a statement yesterday (16 January). “Moscow is continuing to wage a hybrid war and is actively growing its information and cyberspace capabilities.”

It claimed that the aim of the attack was to intimidate and to destabilise the situation in Ukraine.

Jake Sullivan, US national security adviser, also said yesterday the Biden administration was looking into attribution for the cyberattack. “It would not surprise me one bit if it ends up being attributed to Russia,” he added.

Russia has rejected the claims and said there is no evidence of the country being behind the attack.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Sarah Harford was sub-editor of Silicon Republic

editorial@siliconrepublic.com