‘Russian-backed’ hackers defaced Ukrainian websites as cover for dangerous malware attack

Malicious malware posing as ransomware has been discovered on multiple computer systems in the Ukraine following a hacking attack on Friday that targeted more than 70 government websites.

Hackers exploited a known vulnerability in a content management system used by government agencies and other organisations to deface websites with threatening messages written in Ukrainian, Polish and Russian.

The Ukrainian government has blamed a Russian-influenced hacking group for defacing government websites with messages warning Ukrainians “to expect the worst”.

But it emerged over the weekend that Friday’s attacks appeared to have been a distraction exercise to divert attention from more serious malware implanted on Ukrainian government and commercial computer systems.

Microsoft disclosed over the weekend that it had detected “destructive malware” on dozens of computer systems belonging to Ukrainian agencies and organisations, including IT companies, that work closely with the Ukrainian government.

The malware, first detected on 13 January 2020, masquerades as ransomware, but is designed to destroy information on infected computer systems without offering victims the ability to recover the data in return for a ransom payment.

Microsoft wrote in a blog post: “We do not know the current stage of this attacker’s operation cycle or how many other victim organisations exist in Ukraine or other geographic locations. However, it is unlikely that these impacted systems [discovered by Microsoft] represent the full scope of the impact.”

The attack comes at a time of heightened geopolitical tension between Russia and the West after warnings by western governments that the cyber attacks could be a precursor to military action by Russia, which has positioned 100,000 troops on the Ukrainian border.

Russian influence