The situation is more serious than it initially appeared. Saturday January 15, Microsoft has warned that it has detected a computer attack aimed at making computer networks belonging to the Ukrainian state unusable. This new attack could be linked to the one that hit several government sites on Friday, but unlike the latter, the attack detected by Microsoft targets the heart of computer networks and not just websites.
The malware detected by Microsoft looks like ransomware, viruses that cripple computer systems and demand a ransom to unlock them. Except that it is a diversion, specifies the American multinational, which was able to analyze the software: the latter aims purely and simply to sabotage computer networks.
Microsoft explains that it detected this malware from January 13, only in Ukraine, “on dozens of systems belonging to the government as well as NGOs and information technology organizations”. More worryingly, the company specifies that some of the victims are “government agencies performing essential executive or emergency response functions”. Finally, the experts of the American company believe that only a small part of the victims are currently known. The concrete consequences of this attack were not known on Sunday, and Microsoft said it was not able to know who was behind this operation.
This attack could shed new light on the one that targeted several official sites on Friday. Indeed, Microsoft claims that among the victims is a company responsible for managing “websites for customers (…), including government agencies whose sites have recently been defaced”. In other words, it is possible that it is by having had access to the computer network of this company that the hackers succeeded in modifying the appearance of government sites.
On Friday, authorities in Kyiv had downplayed the consequences of changing their websites, while presenting it as “massive”. Several sites had posted threatening messages towards Ukrainians for a few hours, claiming without proof that their personal data was in the wild.
The Kremlin rejects the charges
Ukraine and the West saw Moscow’s hand in it; some believe that it could be a preliminary to a military attack on the ground. On Sunday, the Ministry of Digital Transformation of Ukraine said in a statement that it has “evidence [montrant] that Russia is behind the cyberattack” who targeted his websites. This sabotage “is a manifestation of the Hybrid War that Russia has been waging against Ukraine since 2014”, assured the ministry. The objective is “not only to intimidate society”, but also of “destabilize the situation in Ukraine” in “undermining trust [de la population] in power”, according to the same source. The Kremlin rejected these accusations.
This cyberattack comes as relations are strained between Ukraine and Russia, with Kiev accusing Moscow of having massed troops on its border to prepare for a possible invasion.
Ukraine has been torn apart since 2014 by a war in the east of the country between Kiev forces and pro-Russian separatists, of which the Kremlin is widely seen as the military and financial sponsor. The conflict erupted after the annexation of the Crimean peninsula in the same year by Russia.