Ukrainian government networks infected with malware, Microsoft warns

Targeted systems include agencies that provide executive and emergency response functions, the software giant says.

Steven Musil Night Editor / News

Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.

Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.

See full bio

Steven Musil

Jan. 16, 2022 7:52 a.m. PT

2 min read

Microsoft headquarters — Jason Hiner/CNET

Microsoft said late Saturday that it had identified dozens of computer networks at Ukrainian government agencies and organizations infected with destructive malware disguised as ransomware.

The malware targets multiple organizations in Ukraine, including government agencies that provide critical executive branch or emergency response functions, and is designed to make computers inoperable if activated by an attacker, Microsoft said.

"Our investigation teams have identified the malware on dozens of impacted systems and that number could grow as our investigation continues," Microsoft said in a blog post Saturday. "These systems span multiple government, non-profit and information technology organizations, all based in Ukraine."

The operation was detected on Thursday, Microsoft said, coinciding with a massive cyberattack that simultaneously defaced dozens of Ukrainian government sites with a message warning Ukrainians to "be afraid and expect the worst."

Microsoft's announcement comes amid rising tensions with Russia after Moscow amassed about 100,000 troops near its border with Ukraine, prompting fears of an attack.

A Ukrainian security official told Reuters on Saturday that the government believes hacker groups linked to Russia's intelligence services carried out the cyberattack on government websites. Moscow has repeatedly denied involvement in cyberattacks against Ukraine.

In 2017, the Russian military was blamed for the massive NotPetya ransomware attack, which targeted government, financial and energy institutions in Ukraine and caused more than $10 billion in damages worldwide. The US said the attack, which it called "most destructive and costly cyber-attack in history," was part of the Kremlin's efforts to destabilize Ukraine.

The malware "executes when an associated device is powered down," Microsoft said, a typical initial response to a ransomware infection to prevent it from spreading further. Microsoft said it was unable to assess the intent of the destructive activity or identify unique characteristics that link it to known threat actors.