Microsoft Reveals Details About Malware That Affected Ukraine


Microsoft: On Saturday (15), Microsoft made a post on its official blog in which it warns about a destructive malware operation that affected systems of government organizations in Ukraine. Investigated by the Microsoft Threat Intelligence Center (MSTIC), the threat is designed to look like ransomware and, in the absence of a rescue mechanism, renders the affected device inoperable.

According to Microsoft, the malware was found on “dozens of affected systems and that number could grow” as the investigation progresses. According to the company, the harmful software was first identified last Thursday (13) – about 70 government websites were temporarily offline as a result of the attack.

Next steps

MSTIC recommended that all government organizations, non-profits or companies with systems in Ukraine initiate a full investigation and implement cyber security mechanisms following the instructions in the blog post.

“Given the scale of observed invasions, MSTIC is not able to assess the intent of the identified destructive actions, but believes that these actions pose an elevated risk,” the group warned. The exact origin of the attack is not yet known, but the Ukrainian Security Service blamed “hacker groups linked to Russian intelligence services”.