Ukraine blames Russia for cyber attack as fears of conflict grow

Microsoft finds potentially crippling malware on Ukrainian government systems

An Ukrainian military forces serviceman walks on a trench on the frontline with Russia-backed separatists near Luganske village, in Donetsk. Photograph: Anatolii Stepanov/AFP via Getty

An Ukrainian military forces serviceman walks on a trench on the frontline with Russia-backed separatists near Luganske village, in Donetsk. Photograph: Anatolii Stepanov/AFP via Getty

 

Ukraine believes Russia is behind a cyber attack that US technology firm Microsoft suspects could cripple computers on government networks, at a time when Kiev fears a major new assault by Moscow’s military.

Scores of websites belonging to state agencies and other organisations in Ukraine were brought down on Friday by hackers who left an on-screen message telling Ukrainians that their personal data had been stolen and to “be afraid and expect worse”.

Officials said no personal information was lost and most affected websites were quickly reactivated, but now experts believe the eye-catching incident could be cover for a much more serious attack on important computer systems in Ukraine at a time of growing tensions with Russia.

Microsoft security specialists said they found malware in Ukrainian networks “which is designed to look like ransomware but ... is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom”.

During a ransomware attack – such as the one on Ireland’s health service last year – hackers encrypt data and demand a ransom to decrypt it.

By contrast, the malware deployed in the Ukrainian incident wipes data, overwriting the part of the hard drive that tells a computer how to load its operating system; this is just one of several ways in which the attack is “inconsistent with cybercriminal ransomware activity”, Microsoft said.

The affected computer networks “span multiple government, non-profit and information technology organisations, all based in Ukraine”, the company added.

Hybrid war

Ukraine’s ministry for digital development said on Sunday that “all evidence indicates that Russia is behind the cyber attack”.

“Moscow continues to wage a hybrid war and is actively building up its forces in the information and cyber spaces” and aims to “intimidate society ... and destabilise the situation in Ukraine by stopping the work of the public sector and undermining the confidence of Ukrainians in the government”.

The ministry assured Ukrainians again that no personal data had been compromised and urged them “not to panic”.

“The battlefield for security and for the very existence of our state lies on several planes: military, diplomatic, historical and now digital. Therefore, Ukrainian cyber experts should join forces to counter the threat and neutralise the enemy.”

Kremlin spokesman Dmitry Peskov said Russia had “nothing to do with these cyber attacks”.

Ukraine has suffered several major cyber attacks since 2014, when a revolution pivoted the country towards the West and Russia responded by annexing Crimea and fomenting a war in eastern Ukraine that has now killed more than 14,000 people.

In 2015 and 2016 parts of Ukraine’s power grid were briefly shut down by online attacks, and in 2017 Russian hackers unleashed the “NotPetya” malware on Ukrainian firms, which then infected systems around the world in what became the costliest cyber attack ever.

Now Russia has about 100,000 troops deployed close to Ukraine, and threatens to respond with “military-technical” means if Nato refuses to bar Ukraine from ever joining the alliance and does not withdraw its forces from eastern Europe.

Moscow says it hopes to receive written responses to its demands from the US and Nato in the coming days, after talks last week made no headway.