Ukraine has said it has evidence that Russia was behind a cyberattack that defaced its government websites and alleged that Moscow is engaged in an increasing “hybrid war” against it.
“All evidence indicates that Russia is behind the cyberattack,” the Ministry of Digital Development said in a statement on Sunday, a day after Microsoft said dozens of computer systems at an unspecified number of Ukrainian government agencies had been infected with destructive malware disguised as ransomware.
That disclosure suggested the attention-grabbing defacement attack on official websites last week was a diversion.
“Moscow continues to wage a hybrid war and is actively building up its forces in the information and cyberspaces,” read the statement.
The attack comes as Russia faces accusations of having massed some 100,000 soldiers close to the Ukrainian border, as it seeks a commitment from the West that the former Soviet state will never join NATO.
Senior Russian and US officials this week held talks in Geneva but there was no hint of any breakthrough, with Washington warning by the end of the week Moscow could stage a false flag operation within weeks to precipitate an invasion.
Russia has repeatedly been warned by Western powers of “massive” consequences if it were to attack Ukraine again, although these would likely take the form of sanctions rather than any military riposte.
Microsoft said in a short blog post on Saturday that it first detected the malware on Thursday.
That would coincide with the attack that simultaneously took some 70 Ukrainian government websites temporarily offline.
Microsoft said in a different, technical post that the affected systems “span multiple government, non-profit, and information technology organizations”. It said it did not know how many more organisations in Ukraine or elsewhere might be affected but said it expected to learn of more infections.
A top private sector cybersecurity executive in Kyiv, Oleh Derevianko, told The Associated Press news agency that the intruders penetrated the government networks through a shared software supplier in a supply-chain attack like the 2020 SolarWinds Russian cyberespionage campaign that targeted the US government.
In 2017, Russia targeted Ukraine with one of the most damaging cyberattacks on record with the NotPetya virus, causing more than $10bn in damage globally. That virus, also disguised as ransomware, was a so-called “wiper” that erased entire networks.
In Friday’s mass web defacement, a message left by the attackers claimed they had destroyed data and placed it online, which Ukrainian authorities said had not happened.
The message told Ukrainians to “be afraid and expect the worst”.