By Frank Bajak
Associated Press
Microsoft announced late Saturday that dozens of computer systems at various Ukrainian government agencies have been infected with malware disguised as ransomware, a revelation that suggests the earlier attack on official websites was just a distraction.
The extent of the damage has not yet been determined.
The attack comes amid a crisis over the threat of a Russian invasion of Ukraine and as diplomatic talks to resolve the tense standoff appear stalled.
Microsoft said in a brief post that it was making the announcement to alert the computer industry that it first detected the malware on Thursday.
This incident coincides with the attack that temporarily took some 70 government websites offline at the same time.
Microsoft spoke out on the situation in Ukraine after the Reuters news agency published a report that quoted a senior Ukrainian security official as saying that the takedown of the official websites was meant to cover up a malicious attack.
In addition, a top private-sector cybersecurity executive in Kiev told The Associated Press how the attack was executed: the intruders penetrated government networks through a shared software provider, much like the 2020 Russian SolarWinds cyberespionage campaign that targeted the United States government.
Microsoft said in a technical publication that the affected systems "span across multiple government, nonprofit and information technology organizations."
The company said it did not know at the time how many organizations in Ukraine or elsewhere might be affected, but said it expected more attacks to be detected.
"The malware is disguised as ransomware but, if activated by the attacker, it would render the infected computer system inoperable," Microsoft said.
In short, there is no ransom recovery mechanism.
Microsoft said the malware "runs when an associated device is powered off," a typical initial reaction to a ransomware attack.
The company states that it cannot yet assess the intent of the destructive activity or associate the attack with any known attackers.
Ukrainian security official Serhiy Demedyuk was quoted by Reuters as saying the attackers used malware similar to that used by Russian intelligence.
Demedyuk is deputy secretary of the National Defense and Security Council.
After conducting a preliminary investigation, the Security Service of Ukraine, the SBU, blames "hacker groups linked to Russian intelligence services."
Moscow has denied involvement in the cyberattacks against Ukraine.
Tensions have risen in recent weeks after Russia deployed some 100,000 troops near the Ukrainian border.
Experts say they expect any invasion to have a cyber component because it is an integral part of modern "hybrid" warfare.
Demedyuk told Reuters in written comments that the takedown of the official websites "was only a distraction to carry out more destructive actions and the consequences of which will be evident in the near future."
Oleh Derevianko, a leading private-sector expert and founder of cybersecurity firm ISSP, told the AP that he didn't know how bad the damage was.
He also said the extent of the damage is unknown after the attackers broke into KitSoft, the developer used to seed the malware.
In 2017, Russia hit Ukrainian systems with one of the most damaging cyberattacks on record with the NotPetya virus, causing more than $10 billion in damage worldwide.
That virus, which was also disguised as ransomware, wiped out entire networks.
Ukraine has long been a testing ground for cyber conflicts.
Russian-backed hackers nearly foiled its 2014 national election and briefly crippled parts of its power grid during the winters of 2015 and 2016.
During Friday's massive attack, the attackers left a message saying they had destroyed the data and released it online, something Ukrainian authorities denied.
The message told Ukrainians to "be afraid and expect the worst."
Ukrainian cybersecurity professionals have been strengthening critical infrastructure defenses since 2017, with US advice and an investment of more than $40 million.
Officials are particularly concerned about Russian attacks on the power grid, the rail network and the central bank.