Microsoft discloses malware attack on Ukrainian government networks


BOSTON — Microsoft said late Saturday that dozens of computer systems in an unspecified number of Ukrainian government agencies were infected with devastating malware disguised as ransomware, a statement suggesting a notable defacement attack on official websites was a diversion. The extent of the damage was not immediately clear.

The attack comes as the threat of a Russian invasion of Ukraine looms and diplomatic talks to resolve the tension seem to have stalled.

Microsoft said in a short blog post, which amounted to sounding an industry alarm, that it first detected the malware on Thursday. That would coincide with the attack that simultaneously took around 70 government websites temporarily offline.

The statement came after a report by Reuters earlier in the day that a senior Ukrainian security official said the defacement was in fact cover for a malicious attack.

Separately, a senior private-sector cybersecurity executive in Kiev told The Associated Press how the attack succeeded: The intruders infiltrated government networks through a partner software supplier, in what is known as a supply chain attack, in the style of the 2020 SolarWinds Russian cyberespionage campaign targeting the US government.

In a separate technical post, Microsoft said the affected systems “encompass multiple governments, nonprofits, and information technology organizations.” It said it did not know how many other organizations in Ukraine or elsewhere might be affected, but expected to learn of more infections.

“The malware is disguised as ransomware, but if activated by the attacker, it will render the infected computer system inoperable,” Microsoft said. In short, it lacks a ransomware recovery mechanism.

Microsoft said the malware “executes when an associated device is turned off,” a typical first reaction to a ransomware attack.

Microsoft said it has yet to assess the purpose of the disruptive activity or link the attack to any known threat actors. Ukrainian security official Serhiy Demedyuk said the attackers used malware similar to that used by Russian intelligence. He is the deputy secretary of the National Security and Defense Council.

A preliminary investigation led the Ukrainian Security Service, the SBU, to blame the web defacement on “hacker groups linked to Russia’s intelligence services.” Moscow has repeatedly denied involvement in cyberattacks against Ukraine.

Tensions with Russia have been rising in recent weeks after Moscow massed an estimated 100,000 troops near Ukraine’s border. Experts say they expect any invasion to have a cyber component, which is an integral part of modern “hybrid” warfare.

In a written statement to Reuters, Demedyuk said the defacement was “just a cover for more destructive actions that are taking place behind the scenes and whose consequences we will feel in the near future.” The story did not elaborate and Demedyuk could not be immediately reached for comment.

Oleh Derevianko, a prominent private-sector expert and founder of the ISSP cybersecurity firm, told the AP he did not know how serious the damage was. He also said it was unknown what else the attackers might have accomplished after breaching KitSoft, the developer exploited to plant the malware.

In 2017, Russia targeted Ukraine with one of the most damaging cyberattacks to date, the NotPetya virus, which caused more than $10 billion in damage worldwide. Also disguised as ransomware, this virus was a so-called “wiper” that wiped out entire networks.

Ukraine has suffered the unfortunate fate of being the world’s proving ground for cyber conflict. Russian state-sponsored hackers nearly blocked the 2014 national elections and briefly crippled parts of the power grid during the winters of 2015 and 2016.

In Friday’s mass web defacement, a message left by the attackers claimed they had destroyed the data and placed it online, but Ukrainian officials said that was not the case.

The message told Ukrainians to “fear and expect the worst.”

Ukrainian cybersecurity experts have been strengthening critical infrastructure defenses with more than $40 million in US aid since 2017. They are particularly concerned about Russian attacks on the power grid, rail network and central bank.

Copyright © 2022 The Washington Times, LLC.


