Microsoft warns of destructive disk wiper targeting Ukraine

Over the past few months, Russia has amassed tens of thousands of troops along the border with Ukraine and made subtle but far-reaching threats if NATO doesn't agree to its demands.

A similar dispute is playing out in cyber arenas, as unknown hackers defaced scores of Ukrainian government websites and left a cryptic warning to Ukrainian citizens who attempted to receive services.

Expect the worst.

The message, written in Ukrainian, Russian, and Polish, was found on some of the systems that were affected by the attack: "All information about you has become public and you should be afraid."

Microsoft said in a post over the weekend that it had discovered a new type of malicious software that could destroy computers and all their data. Microsoft is calling the malicious software WhisperGate, and the software demands $10,000 in digital currency for data to be restored.

The lack of means to distribute keys and provide technical support to victims is what makes WhisperGate different from other working ransomware. The master boot record (MBR) is a part of the hard drive that starts the operating system.


The members of the Microsoft Threat Intelligence Center (MSTIC) wrote that writing to the MBR is atypical for cybercriminals, that the note is a ruse, and that the software destroys the files it targets. There are a number of reasons why this activity is inconsistent with cybercriminal activity observed by MSTIC.

Serhiy Demedyuk, deputy head of the National Security and Defense Council of Ukraine, told news outlets over the weekend that a threat actor group known as UNC1151 was likely behind the defacement hack. The group, which researchers at Mandiant have linked to the government of Russian ally Belarus, was behind an influence campaign.

Ghostwriter used phishing emails and theft domains that spoof legitimate websites such as Facebook. The authors of the Mandiant report wrote that UNC1151 was used to promote anti-NATO narratives that appeared intended to undermine regional security cooperation in operations targeting Lithuania, Latvia, and Poland.

All evidence points to Russia.

Ukrainian officials said that UNC1151 was likely working for Russia when it used its skills to deface websites. They wrote in a statement:

The evidence points to Russia being behind the cyber attack. Moscow is building forces in the information and cyberspace.
Russia's cyber-troops are trying to change the political situation in the United States and Ukraine. The war between Russia and Ukraine has been going on for more than two years.
Its goal is more than just to intimidate. It is to undermine Ukrainians' confidence in the government by stopping the work of the public sector. They can achieve this by creating fakes about the vulnerability of critical information infrastructure and the drain of personal data of Ukrainians.

Damage assessment.

There were no immediate reports of the defacements having a destructive effect on government networks.


The police said that a number of external information resources were manually destroyed. The police said that the attack is more complex than modifying the homepage of websites.

Microsoft didn't say if the destructive data wiper it found on Ukrainian networks had been installed for potential use later or if it had actually been executed to wreak havoc.

There is no proof that the Russian government was involved in the defacement of the websites. Russian involvement wouldn't be a surprise given past events.

The most costly cyberattack ever was in 2017: a massive outbreak of software that shut down computers around the world and caused $10 billion in damages.

M.E.Doc, a tax-accounting application that's widely used in Ukraine, spread NotPetya. Both Ukrainians.

The US government has said that Russia was behind the attacks. Four Russian nationals were charged with hacking crimes in 2020.