Microsoft security specialists have discovered malware on dozens of Ukrainian government computers that could prove more destructive than originally thought, the US company said late on Saturday.
A Microsoft blog post said that the malware was first detected on Thursday, coinciding with an attack that took down 70 government websites.
“All evidence indicates that Russia is behind the cyberattack. Moscow continues to wage a hybrid war and is actively building up its forces in the information and cyberspaces,” Ukraine’s Ministry of Digital Development said Sunday. .
Described as a possible Master Boot Record (MBR) wiper, Microsoft says the malware is executed when an impacted device is powered down and disguises itself as ransomware—but lacks a ransom recovery mechanism and is intended to be destructive and brick targeted devices.
The tech giant says the malware, which it refers to as “WhisperGate”, first appeared on victim systems in Ukraine on January 13, 2022 and targeted multiple organizations, all in the Ukraine.
While Microsoft says it has not found any notable associations between the observed activity (which it tracks as DEV-0586) and other known threat groups, Ukraine said Sunday it had ‘evidence’ that Russia was behind the attacks.
Microsoft finds destructive malware in ukraine cyber attack
