Microsoft discloses malware attack on Ukraine govt networks

Jan 15, 2022, 10:16 PM | Updated: Jan 18, 2022, 12:52 pm
In this undated handout photo released by Ukrainian Foreign Ministry Press Service, the building of Ukrainian Foreign Ministry is seen during snowfall in Kyiv, Ukraine. Ukrainian officials and media reports say a number of government websites in Ukraine are down after a massive hacking attack. While it is not immediately clear who was behind the attacks, they come amid heightened tensions with Russia and after talks between Moscow and the West failed to yield any significant progress this week. (Ukrainian Foreign Ministry Press Service via AP)

BOSTON (AP) — Microsoft said late Saturday that dozens of computer systems at an unspecified number of Ukrainian government agencies have been infected with destructive malware disguised as ransomware, a disclosure suggesting an attention-grabbing defacement attack on official websites was a diversion. The extent of the damage was not immediately clear.

The attack comes as the threat of a Russian invasion of Ukraine looms and diplomatic talks to resolve the tense stand-off appear stalled.

Microsoft said in a short blog post that amounted to the clanging of an industry alarm that it first detected the malware on Thursday. That would coincide with the attack that simultaneously took some 70 government websites temporarily offline.

The disclosure followed a Reuters report earlier in the day quoting a top Ukrainian security official as saying the defacement was indeed cover for a malicious attack.

Separately, a top private sector cybersecurity executive in Kyiv told The Associated Press how the attack succeeded: The intruders penetrated the government networks through a shared software supplier in a so-called supply-chain attack in the fashion of the 2020 SolarWinds Russian cyberespionage campaign targeting the U.S. government.

Microsoft said in a different, technical post that the affected systems “span multiple government, non-profit, and information technology organizations.” It said it did not know how many more organizations in Ukraine or elsewhere might be affected but said it expected to learn of more infections.

“The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable,” Microsoft said. In short, it lacks a ransom recovery mechanism.

Microsoft said the malware “executes when an associated device is powered down,” a typical initial reaction to a ransomware attack.

Microsoft said it was not yet able to assess the intent of the destructive activity or associate the attack with any known threat actors. The Ukrainian security official, Serhiy Demedyuk, was quoted by Reuters as saying the attackers used malware similar to that used by Russian intelligence. He is deputy secretary of the National Security and Defense Council.

A preliminary investigation led Ukraine’s Security Service, the SBU, to blame the web defacement on “hacker groups linked to Russia’s intelligence services.” Moscow has repeatedly denied involvement in cyberattacks against Ukraine.

Tensions with Russia have been running high in recent weeks after Moscow amassed an estimated 100,000 troops near Ukraine’s border. Experts say they expect any invasion would have a cyber component, which is integral to modern “hybrid” warfare.

Demedyuk told Reuters in written comments that the defacement “was just a cover for more destructive actions that were taking place behind the scenes and the consequences of which we will feel in the near future.” The story did not elaborate and Demedyuk could not immediately be reached for comment.

Oleh Derevianko, a leading private sector expert and founder of the ISSP cybersecurity firm, told the AP he did not know how serious the damage was. He said also unknown is what else the attackers might have achieved after breaking into KitSoft, the developer exploited to sow the malware.

In 2017, Russia targeted Ukraine with one of the most damaging cyberattacks on record with the NotPetya virus, causing more than $10 billion in damage globally. That virus, also disguised as ransomware, was a so-called “wiper” that erased entire networks.

Ukraine has suffered the unfortunate fate of being the world’s proving ground for cyberconflict. Russian state-backed hackers nearly thwarted its 2014 national elections and briefly crippled parts of its power grid during the winters of 2015 and 2016.

In Friday’s mass web defacement, a message left by the attackers claimed they had destroyed data and placed it online, which Ukrainian authorities said had not happened.

The message told Ukrainians to “be afraid and expect the worst.”

Ukrainian cybersecurity professionals have been fortifying the defenses of critical infrastructure since 2017, with more than $40 million in U.S. assistance. They are particularly concerned about Russian attacks on the power grid, rail network and central bank.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
