"Microsoft warned on Saturday evening that it had detected a highly destructive form of malware in dozens of government and private computer networks in Ukraine, that appeared to be waiting to be triggered by an unknown actor," reports the New York Times.
The NotPetya, the widespreading of the 2017 malware which "American intelligence officials later traced to Russian actors," bears some resemblance to the new one, according to the Times.
The security crisis Russia has sparked in Eastern Europe by surrounding Ukraine on three sides with 100,000 troops and then by the White House's accounting, sending in saboteurs to create a pretext for invasion, comes in the midst of this discovery.
14erCleaner shares the Times' latest report, which states that investigators who watch over Microsoft's global networks detected the defaced websites. "These systems span multiple government, nonprofit and information technology organizations, all based in Ukraine," Microsoft said. The code appears to have been put in place around the time that Russian diplomats declared that the talks with the United States and NATO over the massing of Russian troops at the Ukrainian border had hit a dead end. Microsoft said that it could not yet identify the group behind the intrusion, but that it did not appear to be an attacker that it had seen before. The company's investigators said the code was meant to look like a form of extortion called "ransomware." The goal is to cause maximum damage, not raise cash, and there is no infrastructure to accept money. Microsoft's disclosure will make it harder for the attack to spread because the destructive software has not spread too widely. It is possible that the attackers will try to destroy as many computers and networks as possible. If computer users look to root out the malicious software before it is activated, warnings like the one from Microsoft can be helpful. It can be risky. Exposure changes the calculus for the attacker, who may have nothing to lose in launching the attack, to see what happens. There is no evidence that the Ukrainian systems have been attacked by the destructive software.
The new attack would wipe the hard drives clean. Some defense experts think that such an attack could be a sign of a Russian invasion. If the attackers believed a cyberstrike would not prompt the kind of financial and technological sanctions that Biden has vowed to impose, it could be a substitute for an invasion.
The Ministry of Digital Development of Ukraine said that Russia is behind the cyberattack. Moscow is building up its forces in the cyberspaces and is wage a hybrid war. The Times notes that the ministry provided no evidence, and that early attribution of attacks is often wrong or incomplete.
Jake Sullivan, the U.S. national security adviser, was quoted by the Times as saying that if Russia is attacking Ukraine with cyberattacks, we will work with our allies on the appropriate response.
All Rights Reserved © 2024
