Cybercrime, Russia behind the hacker attack on Ukraine. Microsoft reveals malware

The Kiev Ministry of Digital Transformation confirms the rumors. Dozens of computer networks of government agencies and structures affected, including those that perform critical functions or are at the forefront of emergencies 17 Jan 2022 Veronica Balocco

The cyberattack that hit several Ukrainian government sites in the night between 13 and 14 January, causing the message "Be afraid and expect the worst" to appear, would have a precise author: "All the evidence indicates that behind the cyber attack there is Russia “. This is what we read in a note from the Ukrainian Ministry of Digital Transformation, according to which "Moscow continues to wage a hybrid war that has been going on since 2014", while ensuring citizens safety of their personal data. The purpose of the attack, according to the Kiev ministry, "is not only to intimidate society but also to destabilize the situation in Ukraine, stopping the work of the public sector and causing Ukrainians to collapse in the authorities". Moscow, for its part, has repeatedly denied involvement. In 2017, Russia was accused of the massive NotPetya ransomware attack, which targeted government, financial and energy institutions in Ukraine and caused more than $ 10 billion in damage worldwide. Critical government structures hit Following the cyberattack, dozens of Ukrainian government agencies' computer networks were infected with malware that can knock out devices. In an official post, Microsoft explains that “the malicious virus has targeted several organizations in Ukraine, including government agencies that perform critical functions or are on the front lines of emergencies. If activated, the malware renders computers unusable ”. Also affected was "an IT company that manages websites for public and private sector clients, including government agencies whose websites have recently been damaged". "Our investigation teams have identified the malware on dozens of affected systems and that number may increase as our investigation continues," Microsoft says. The Redmond-based tech giant said it is unable to assess the intent of the cybercriminal activity or identify precise characteristics that link it to threat actors. It also did not identify the information technology company involved. "The malware is disguised as ransomware but, if activated by the attacker, it renders the infected computer system unusable," she explains. “We are sharing this information to help others in the cybersecurity community seek and defend against these attacks. At this time, we have not identified a consistent overlap between the characteristics of the group behind these attacks and the groups we have traditionally monitored, but we continue to analyze the activity, "concludes the blog post. @ALL RIGHTS RESERVED

MALW ARTICLE