Cyberattack in Ukraine: Kiev accuses Russia, a destructive malware discovered

For the Ukrainian government, the attribution of the cyberattack which affected ministries and government agencies this Friday, January 14, 2022 leaves no room for doubt: “ all evidence points to Russia being behind the cyberattack “, said the Ministry of Digital Transition in a press release issued on January 16, 2022. But elements reported by Microsoft cybersecurity teams raise fears of a more serious attack than initially assumed.

Ukraine points finger at Russia and denies data leak

This large-scale attack paralyzed several administrations and government sites, including that of the Ministry of Foreign Affairs. A threatening message, addressed to the population in several languages, was displayed on the hacked sites before they were taken offline. He mentioned personal data stolen and disseminated on the Internet.

Also according to Sunday’s press release, the Ukrainian government sees in this attack a desire to destabilize sectors of the public service, and more broadly to intimidate Ukrainian society. by undermining the trust of Ukrainians in the government “. And this in an increasingly tense geopolitical context with Russia, which is amassing tens of thousands of soldiers around the country. The Ministry of Digital Transition, however, wants to be reassuring on one point: it refutes the allegations of data leakage.

Even more serious, a destructive malware discovered by Microsoft

The attack, however, could be more pernicious. In a report released on Saturday January 15, 2022, the Microsoft Threat Intelligence Center (MSTIC) explains that it identified an operation using destructive malware against multiple Ukrainian organizations as early as January 13, 2022.

This type of malware uses the same process as ransomware, i.e. entering a computer system to render data unreadable and paralyze the various services. With the difference that here, the software does not demand a ransom and is content to be as destructive as possible.

The malware is therefore used for purely offensive purposes, which is unusual, since the overwhelming majority of cyberattacks are carried out by hackers for commercial purposes.

The MSTIC report explains that it identified the malware in “dozens of systems, and that number could grow even further as our investigation progresses“. The known targets, all based in Ukraine, are government branches, associations and tech companies.

Also according to the report, the attack could be on a larger scale, with other organizations reporting similar attacks. Microsoft analyzes that “according to the extent of the intrusions, the MSTIC cannot gauge the actions of destruction (of the malware, editor’s note), but believes that these actions represent a high risk for all government agencies, associations or companies located or having systems in Ukraine“.

Concerns, and still many questions

According to these elements, the attack would therefore be much more serious than a psychological warfare operation and the hacking of a few government sites. The concern is also explained by the devastating cyberattacks that Ukraine has already experienced in 2015 and 2017: paralyzed power plants that cause a blackout in an entire part of the country, blocked ministries or even the Treasury Department put out of service, preventing for several days the government to pay salaries.

In comparison, the current wave remains measured for now, perhaps thanks to the help of cybersecurity teams sent by the United States and the United Kingdom as early as December 2021 in the face of the resurgence of cyberattacks against Ukraine. But Kiev’s resilience in the face of this threatcan only be confirmed in the next few weeks.