"Microsoft warned on Saturday evening that it had detected
a highly destructive form of malware in dozens of government and private computer networks in Ukraine," reports the New York Times, "that appeared to be waiting to be triggered by an unknown actor...."
The
Times reports that the malware "bears some resemblance" to NotPetya, the widespreading 2017 malware which "American intelligence officials later traced to Russian actors."
The discovery comes in the midst of what the
Times earlier called "the security crisis Russia has ignited in Eastern Europe by
surrounding Ukraine on three sides with 100,000 troops and then, by the White House's accounting, sending in saboteurs to create a pretext for invasion."
Long-time Slashdot reader
14erCleaner shares the
Times' latest report:
In a blog post, [Microsoft] said that on Thursday — around the same time government agencies in Ukraine found that their websites had been defaced — investigators who watch over Microsoft's global networks detected the code. "These systems span multiple government, nonprofit and information technology organizations, all based in Ukraine," Microsoft said.... The code appears to have been deployed around the time that Russian diplomats, after three days of meetings with the United States and NATO over the massing of Russian troops at the Ukrainian border, declared that the talks had essentially hit a dead end....
Microsoft said that it could not yet identify the group behind the intrusion, but that it did not appear to be an attacker that its investigators had seen before. The code, as described by the company's investigators, is meant to look like ransomware — it freezes up all computer functions and data, and demands a payment in return. But there is no infrastructure to accept money, leading investigators to conclude that the goal is to inflict maximum damage, not raise cash.
It is possible that the destructive software has not spread too widely and that Microsoft's disclosure will make it harder for the attack to metastasize. But it is also possible that the attackers will now launch the malware and try to destroy as many computers and networks as possible.... Warnings like the one from Microsoft can help abort an attack before it happens, if computer users look to root out the malware before it is activated. But it can also be risky. Exposure changes the calculus for the perpetrator, who, once discovered, may have nothing to lose in launching the attack, to see what destruction it wreaks.
So far there is no evidence that the destructive malware has been unleashed by the hackers who placed it in the Ukrainian systems....
The new attack would wipe hard drives clean and destroy files. Some defense experts have said such an attack could be a prelude to a ground invasion by Russia. Others think it could substitute for an invasion, if the attackers believed a cyberstrike would not prompt the kind of financial and technological sanctions that [U.S. President] Biden has vowed to impose in response.
Ukraine's Ministry of Digital Development issued a statement that "All evidence indicates that Russia is behind the cyberattack. Moscow continues to wage a hybrid war and is actively building up its forces in the information and cyberspaces." While the Associated Press
reported the statement, the
Times notes that the ministry provided no evidence, "and early attribution of attacks is frequently wrong or incomplete."
But the
Times also cites U.S. national security adviser Jake Sullivan as saying "If it turns out that Russia is pummeling Ukraine with cyberattacks, and if that continues over the period ahead, we will work with our allies on the appropriate response."
