Ukraine government agencies’ computer systems infected with malware, Microsoft says

Microsoft announced on Saturday that dozens of computer systems linked to the Ukrainian government, agencies and organizations had been infected with malware.

Microsoft in a statement said the malware, which was initially detected on Thursday, was disguised as ransomware but could infect computers and make them inoperable if activated by the attacker.

The company wrote in a separate statement that the malware was detected on “dozens of impacted systems and that number could grow as our investigation continues.”

“These systems span multiple government, non-profit, and information technology organizations, all based in Ukraine,’ the company wrote.

Microsoft said the malware impacted government agencies that handle executive branch or emergency response functions. It also reportedly affected an IT firm that oversees websites for public- and private-sector clients, including government agencies that were hit with a cyberattack last week that posted various messages on websites.

A “massive cyberattack” breached a number of Ukrainian government websites on Friday, according to officials, which led some agency websites to be temporarily shut down. Hackers reportedly wrote messages including “be afraid and expect worse” and “All information about you has become public, be afraid and expect worse.”

Microsoft’s announcement that malware had been detected on Ukrainian government systems comes amid concerns in the U.S. that rising tensions between Russia and Ukraine may lead Moscow to carry out hacking operations. Ukraine has been the target of Russia’s hacking efforts in the past.

U.S. officials are also warning Russian threats of war against Ukraine are spiking dangerously after a week of diplomatic meetings aimed at avoiding the outbreak of open conflict. 

The Ukrainian deputy secretary of the national and defense council, however, told Reuters that Kyiv believes a hacker group connected to Belarusian intelligence was behind the breach of government websites and utilized malware. Serhiy Demedyuk told the news service that Ukraine preliminarily believes a group known as UNC1151 infiltrated the breach.

Microsoft said it is currently unsure of the attacker’s operation cycle or how many groups it may have breached in Ukraine or other countries, but noted that “it is unlikely these impacted systems represent the full scope of impact as other organizations are reporting.”

The company said it has notified all identified, impacted organizations, while warning that more victims could be recognized.

“It is possible more organizations have been infected with this malware and the number of impacted organizations could grow,” Microsoft wrote. “We will continue to work with the cybersecurity community to identify and assist targets and victims.”