Microsoft finds destructive malware in attacks targeting Ukraine
Microsoft hasn’t identified any groups behind the malware attacks and is continuing its analysis.
Microsoft Corp. said it has observed “destructive malware” in systems belonging to several Ukrainian government agencies and organizations that work with the authorities. “The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable,” the company said in a statement. “We're sharing this information to help others in the cybersecurity community look out for and defend against these attacks.”
Microsoft hasn't identified any groups behind the attacks and is continuing its analysis. The malware was first detected on Jan. 13, the company said.
“We have already built and deployed protections for this malware into Microsoft 365 Defender Endpoint Detection and Anti-virus protections wherever these products are deployed, both on-premises and in the cloud,” it said. “We see no indication so far that these attacks utilize any vulnerability in Microsoft products and services.”
Russia preparing sabotage to justify Ukraine invasion, US says
(AFP) The United States on Friday accused Russia of sending saboteurs trained in explosives to stage a pretext to invade Ukraine, where government websites were knocked out in a cyberattack linked to Moscow.
The allegations and incident mark a striking new escalation in tensions over Ukraine, just after a week of talks between the West and Russia that sought a diplomatic solution.
Russia has amassed tanks, artillery and tens of thousands of troops near the border of Ukraine as it demands guarantees that its neighbour will never join NATO -- which on Friday announced new cyber cooperation with Kyiv in response to the attack.
Detailing intelligence findings, the White House said that Russia was "laying the groundwork to have the option of fabricating a pretext for invasion" by blaming Ukraine.
"We have information that indicates Russia has already prepositioned a group of operatives to conduct a false-flag operation in eastern Ukraine," said Jen Psaki, the White House press secretary.
"The operatives are trained in urban warfare and in using explosives to carry out acts of sabotage against Russia's own proxy forces."
US intelligence believes Russia could begin the operations several weeks before a military invasion, which could start between mid-January and mid-February, Psaki said.
Russia has denied plans to invade Ukraine and quickly dismissed the latest US statements, with Kremlin spokesman Dmitry Peskov calling them "unfounded".
- 'Be afraid' -
With the world on alert for any signs of invasion, government sites across Ukraine, including those of the emergencies ministry, education ministry and cabinet, went down early Friday.
Ukraine was still conducting an investigation but preliminary indications suggested that "hacker groups associated with the Russian secret services may stand behind today's massive cyberattack on government websites", foreign ministry spokesman Oleg Nikolenko said on Twitter.
The hacked websites displayed a message in Ukrainian, Russian and Polish: "All information about you has become public, be afraid and expect the worst."
But Ukraine's SBU security service said access to most sites was restored within hours and preliminary information showed that no personal information was leaked.
NATO said that its experts were on the ground in Ukraine to offer support.
"In the coming days, NATO and Ukraine will sign an agreement on enhanced cyber cooperation, including Ukrainian access to NATO's malware information sharing platform," Secretary General Jens Stoltenberg said.
European Union foreign ministers, meeting in the French city of Brest, promised support, with several saying that they had feared a cyberattack to set the stage for a Russian invasion.
"Some say the cyberattack could be the prelude for other activities, military activities," Austrian Foreign Minister Alexander Schallenberg told reporters.
Russia has repeatedly been accused of hacking attacks in the ex-Soviet country and in the West.
In October 2020, the United States charged six Russians with carrying out cyberattacks on Ukraine's power grid, the 2017 French elections and the 2018 Winter Olympics.
- Russian military drills -
US President Joe Biden has warned his counterpart Vladimir Putin in two telephone calls of severe economic consequences if Russia invades.
Russia has exerted pressure on Ukraine since an uprising nearly a decade ago toppled a government that resisted calls to move closer to the West.
Moscow seized the Crimean peninsula in 2014 when a pro-Russian insurgency broke out in eastern Ukraine that has since claimed more than 13,000 lives.
US officials say that Russia appears to be following a playbook from 2014 when it also sought to whip up sentiment with allegations of abuse by Ukraine.
The US ambassador to NATO, Julianne Smith, told reporters in Brussels that there remained "an array of scenarios" possible on the ground, including a "full-scale conventional military attack".
Footage published by the Russian defence ministry Friday showed Russian tanks and infantry carrying out firing drills near the city of Rostov-on-Don in southern Russia near Ukraine.
Moscow said it was a response to what it sees as the growing presence of NATO in its sphere of influence, where it fiercely opposes the expansion of the Atlantic alliance.
Deputy Foreign Minister Sergei Ryabkov said Thursday that Moscow saw no reason to hold a new round of security talks with the West following what he saw as no progress in talks in Geneva, Brussels and Vienna.
Ryabkov also said he did not rule out the possibility that Moscow could deploy forces to allies Venezuela or Cuba if diplomacy failed.
Ukraine, however, renewed hope for diplomacy and said it has proposed a three-way videoconference involving its president, Volodymyr Zelensky, and Putin and Biden.
Zelensky aide Andriy Yermak, speaking to the Atlantic Council in Washington, said the United States supported the proposal but Russia has not replied.