Computer systems of several Ukrainian government agencies and non-profit organizations have been infected with malware disguised as ransomware, Microsoft said.
“Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. This malware first appeared on victim systems in Ukraine on January 13, 2022,” the company wrote on its security blog.
The malware has impacted “multiple government, non-profit, and information technology organizations, all based in Ukraine,” according to the IT company.
MSTIC said that the malware was designed to look like ransomware but lacked a ransom recovery mechanism. Rather than being used to obtain a ransom, the program was designed to render targeted devices inoperable, the company said.
Microsoft has not yet identified any significant association between this activity and that of other malware groups the company is tracking.
“Given the scale of the observed intrusions, MSTIC is not able to assess intent of the identified destructive actions but does believe these actions represent an elevated risk to any government agency, non-profit or enterprise located or with systems in Ukraine,” the company said, urging all organizations to “immediately conduct a thorough investigation” and build up their defenses.
On Friday, the Ukrainian Foreign Ministry’s spokesman, Oleg Nikolenko, said that the ministry’s websites and those of several other government agencies were down due to malicious cyberactivity. The website of the Education Ministry displayed a message about an alleged leak of Ukrainians’ personal data.
The Ukrainian State Service of Special Communication and Information Protection later said that most of the websites had been restored and personal information had not been leaked. The service called the attack the worst in the past four years.
The Ukrainian Ministry of Culture and Information Policy claimed Russia was behind the hacking attack. Kremlin spokesman Dmitry Peskov told CNN that Russia “had nothing to do” with the incident.