Destructive malware capable of wiping data has appeared on dozens of computer systems at Ukrainian organizations, including government agencies, non-profits and technology organizations, Microsoft warned.
The disclosure is an added worry for Ukrainian government agencies after many of their websites were hacked this week and replaced with threatening messages to Ukrainians that their data had been compromised.
While it is unclear who was responsible for the dual cybersecurity incidents, they come as Russia has amassed tens of thousands of troops at the Ukraine border and after talks between the West and Moscow have failed to deescalate the situation.
The “destructive” computer code represents “an elevated risk to any government agency, non-profit or enterprise located or with systems in Ukraine,” Microsoft said in a blog post Saturday.
Microsoft researchers said the computer code was designed to look like ransomware, but that it lacked some of the common features of ransomware and was “inconsistent with cybercriminal ransomware activity.”
Scores of Ukrainian government websites were hacked between Thursday and Friday, many of them apparently via a single software provider named Kitsoft.
The Kyiv-based firm said Friday it was helping government websites restore connectivity. Ukrainian officials have said no personal data was leaked in the hacks.
Serhiy Demedyuk, deputy secretary of Ukraine’s national security and defense council, told Reuters that Ukraine blamed a hacking group linked with Belarusian intelligence for the website hacks.
Russia-linked hacking groups have a long history of wreaking havoc in Ukraine. The US Justice Department has blamed Russia’s GRU military intelligence agency for cyberattacks in 2015 and 2016 that cut power in parts of Ukraine, and for a crippling piece of malware known as NotPetya.
In 2017, NotPetya was unleashed on a Ukrainian accounting software firm, but the malicious code spread to multinational corporations like shipping giant Maersk, costing the global economy billions of dollars.