Ukraine claims Russia was behind a cyberattack that defaced government websites and alleged Russia was engaged in a ‘hybrid war’ against the country
The statement came a day after Microsoft said dozens of computer systems in an unknown number of Ukrainian government agencies had been infected with destructive malware disguised as ransomware. This disclosure suggests that the defacing attack that attracted attention on official websites last week was a diversion.
“All the evidence points to Russia being behind the cyberattack. Moscow continues to wage hybrid warfare and is actively building up its forces in information and cyberspace,” the ministry statement said.
Microsoft said in a short blog post on Saturday that it first detected the malware on Thursday. This would coincide with the attack which temporarily took some 70 Ukrainian government websites offline.
Microsoft said in a separate technical article that the affected systems “represent multiple government, nonprofit, and information technology organizations.” He said he didn’t know how many other organizations in Ukraine or elsewhere might be affected, but said he expected to hear more infections.
A senior private sector cybersecurity official in Kyiv, Oleh Derevianko, told The Associated Press that intruders penetrated government networks through a shared software vendor in a supply chain attack like the campaign. 2020 SolarWinds Russian cyber espionage attack that targeted the U.S. government.
In 2017, Russia targeted Ukraine with one of the most damaging cyberattacks on record with the NotPetya virus, causing over $10 billion in damage worldwide. This virus, also disguised as ransomware, was a so-called “windshield wiper” that wiped out entire networks.
During Friday’s massive web downgrade, a message left by the attackers claimed they had destroyed data and uploaded it, which Ukrainian authorities said did not happen.
The message told Ukrainians to “be afraid and expect the worst”.
Frank Bajak in Boston contributed to this story.