The attack also targeted non-governmental organizations and IT vendors
Microsoft this week admitted that it had observed destructive malware in systems belonging to several Ukrainian government agencies and organisations that work closely with the Ukrainian government. These entities all suffered a massive cyber attack last week.
The victims of the malware include Ukrainian government agencies that provide critical executive branch or emergency response functions, Microsoft said.
Tom Burt, Microsoft’s Corporate Vice President for Customer Security & Trust, revealed what they had observed in a blog post. “The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable,” he explained. “We’re sharing this information to help others in the cybersecurity community look out for and defend against these attacks.”
“At this time, we have not identified notable overlap between the unique characteristics of the group behind these attacks and groups we’ve traditionally tracked,” he added. “But we continue to analyze the activity.”
The malware targets more than just government agencies
The organizations affected by this malware include government agencies that provide critical executive branch or emergency response functions, Burt wrote. The targets also included an IT firm that manages websites for public and private sector clients.
The Microsoft Threat Intelligence Center (MSTIC) published a technical blog post detailing Microsoft’s ongoing investigation. This post provides detailed info on how the security community can detect and defend against this malware.
“We have also notified each of the impacted organizations we have identified so far,” Burt wrote. He said Microsoft had also partnered with other cybersecurity providers to share what they know. They also notified “appropriate government agencies in the United States and elsewhere,” he added.
“It is possible more organizations have been infected with this malware and the number of impacted organizations could grow. We will continue to work with the cybersecurity community to identify and assist targets and victims.”
The MSTIC post said that they were not able to assess the intent of the identified destructive actions. They added, “these actions represent an elevated risk to any government agency, non-profit or enterprise located or with systems in Ukraine.”
“We strongly encourage all organizations to immediately conduct a thorough investigation and to implement defenses using the information provided in this post. MSTIC will update this blog as we have additional information to share.”