Written by Tim Starks
Cybersecurity researchers shed additional light over the weekend on the cyberattacks that disabled Ukrainian government websites, as Kyiv pointed to Russia as the culprit.
Microsoft and ESET both shared details on the nature of the malware that took the Ukrainian sites down.
Microsoft “assesses that the malware, which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom,” the company wrote in a blog post Saturday.
However, Microsoft said it couldn’t yet attribute who was behind the malware, labeled WhisperGate. The Department of Homeland Security’s Cybersecurity and Infrastructure Agency recommended that network defenders review the Microsoft blog post, suggesting the possibility that the attacks could spread to include other targets.
ESET on Sunday elaborated further, saying that the malware the attackers contained code “commonly used by commodity e-crime malware.”
“It is likely that attackers were trying to avoid existing detections at the last moment before the attack, that’s why they used third party criminal services,” ESET said in a tweet thread.
Ukraine was more definitive in placing blame than Microsoft.
“All the evidence points to Russia being behind the cyberattack,” the Ukrainian digital transformation ministry said in a Sunday statement. “Moscow is continuing to wage a hybrid war.”
A Ukrainian official also told Reuters that signs point to the attacks being the work of a Belarusian intelligence-connected group known as Ghostwriter, a group that might have a Russian element.
The Kremlin has denied being involved.
The attacks on the Ukrainian government websites add to that nation’s hostilities with Russia, which U.S. intelligence believes is planning an invasion on the country’s eastern border. The incidents also surfaced around the same time Russia announced it had arrested ransomware gang members on its own soil alleged to be behind the Colonial Pipeline attack, raising suspicions that the Kremlin intends to use the arrests as diplomatic levers with the U.S., which has threatened sanctions should Russia invade Ukraine.