Ukraine reveals website attacks were ‘cover for even more destructive actions’ | Science and technology news
A series of website defacements in Ukraine this week were “cover for even more destructive actions,” according to a government official and a Microsoft tech alert.
The high-profile but ultimately ineffective defacements — which Microsoft says came with fake ransomware notifications — were reported immediately, but malicious software was actually being used behind the scenes to damage the computers on which it was installed.
Microsoft has warned that it has “identified evidence of a destructive malware operation targeting multiple organizations in Ukraine,” although it has been unable to link the hackers behind it to known groups.
The software company said it had identified the malware “on dozens of affected systems,” adding that “this number may increase as our investigation progresses.”
“These systems include multiple governmental, non-profit and IT organizations, all based in Ukraine,” the company added.
However, it is unclear whether the damage was only inflicted on Windows-based systems or whether other similar attacks were taking place at the same time.
Serhiy Demedyuk, deputy secretary of Ukraine’s National Security and Defense Council, told Reuters the country believes the defacements were carried out by a group with which it has ties Belarus.
This group has recently been linked to hacking and disinformation campaigns that was directed against the critics of the Lukashenko regime, including dissidents and foreign governments.
Some experts have expressed concerns that if Belarus were involved in supporting Russian operations against Ukraine, it could potentially expose the country to additional fighting on its western flank.
Mr. Demedyuk dismissed the threat posed to the people of Ukraine by the fake ransomware note but warned the country may feel the consequences of the destructive attack “in the near future”.
EU foreign policy chief Josep Borrell condemned the attack, saying he had “no evidence who was responsible” but “we can imagine who was behind it”.
An emergency EU meeting has been called to respond, he added.
On some of the websites, text in three languages – Ukrainian, Polish (which Mr. Demedyuk said was machine-translated) and Russian – said that all data uploaded to the network by Ukrainians had become public.
“Ukrainian! All your personal data has been uploaded to the public network. All data on the computer is destroyed, it is impossible to restore it,” the message reads.
“All information about you has become public, be afraid and expect the worst. This applies to your past, present and future.”