Ukraine says Russia was behind a cyber attack that defaced its government websites and is engaged in an increasing “hybrid war” against its neighbor.
70 Ukrainian government websites were taken offline by cyber attacks last week
Microsoft says it attacks targeted government, non-profit, and information technology organizations
- Russia have been behind similar cyber attacks in the past against Ukraine and the US
The statement from the Ministry of Digital Development came a day after Microsoft said dozens of computer systems at an unspecified number of Ukrainian government agencies had been infected with destructive malware disguised as ransomware.
That disclosure suggested the attention-grabbing defacement attack on official websites last week was a diversion.
“All evidence indicates that Russia is behind the cyber attack,” the ministry statement said.
The attack comes as the threat of a Russian invasion of Ukraine looms and diplomatic talks to resolve the tense stand-off appear stalled.
Microsoft said in a short blog post on Saturday that it first detected the malware on Thursday.
That would coincide with the attack that simultaneously took some 70 Ukrainian government websites temporarily offline.
Microsoft said in a different, technical post that the affected systems “span multiple government, non-profit, and information technology organizations.”
It said it did not know how many more organizations in Ukraine or elsewhere might be affected but said it expected to learn of more infections.
A top private-sector cybersecurity executive in Kyiv, Oleh Derevianko, said that the intruders penetrated the government networks through a shared software supplier in a supply-chain attack like the 2020 SolarWinds Russian cyber espionage campaign that targeted the US government.
In 2017, Russia targeted Ukraine with one of the most damaging cyber attacks on record with the NotPetya virus, causing more than $ 10 billion in damage globally.
That virus, also disguised as ransomware, was a so-called “wiper” that erased entire networks.
In Friday’s mass web defacement, a message left by the attackers claimed they had destroyed data and placed it online, which Ukrainian authorities said had not happened.
The message told Ukrainians to “be afraid and expect the worst”.