Topline
Data-wiping malware swept through hundreds of computers in Ukraine on Wednesday, according to cybersecurity researchers, the latest bout of cyber-disruption to hit Ukraine as fears of a Russian invasion—which may involve cyberattacks—continue to flare.
Key Facts
The malware—which seeks to destroy victims’ data—targeted some large organizations in Ukraine, spreading to at least “several hundred machines,” Jean-Ian Boutin, head of threat research at security firm ESET, wrote in a statement to Forbes (ESET didn’t identify any specific victims of the malware, which it calls HermeticWiper).
Boutin believes victims’ data was destroyed, calling the malware “very effective.”
ESET says it has only spotted the HermeticWiper malware in Ukraine, but Broadcom’s Symantec Threat Intelligence has identified data-wiping attacks in Latvia and Lithuania as well as Ukraine, with targets that include “finance and government contractors,” Symantec technical director Vikram Thakur said in a statement Wednesday.
The malware was reported just hours after distributed denial of service (DDoS) attacks took down the websites of several Ukrainian banks and government agencies, following a similar DDoS attack on Ukrainian banks last week that U.S. officials have blamed on the Russian government (damage from DDoS attacks is usually temporary).
Data-wiping malware also swept through Ukraine last month, according to Microsoft.
What We Don’t Know
ESET didn’t speculate on the perpetrator of Wednesday’s malware attack, but said it “appears to be related to the ongoing crisis in Ukraine.”
Surprising Fact
ESET says the malware was created two months ago but first deployed Wednesday, citing time stamps.
Key Background
Russia’s military has moved over 150,000 troops to Ukraine’s border, leading U.S. officials to conclude Russian President Vladimir Putin will probably mount a devastating invasion of Ukraine, a former Soviet state that Putin has sought to keep out of the West’s orbit. Some experts and Biden Administration staffers warn a full-scale invasion of Ukraine could be preceded by a series of brutal cyberattacks that disrupt Ukraine’s economy and government. The Russian government—and Russian-speaking gangs that ostensibly operate with tacit government approval—have been blamed for cyberattacks in the past. Russian actors were widely suspected of carrying out a 2015 hack that disabled parts of Ukraine’s power grid, and several U.S. government agencies and private businesses have weathered massive malware attacks linked to Russia in recent years. Russia has consistently denied carrying out cyberattacks, and Putin insisted last year that most cybercrime originates in the United States.
What To Watch For
Russia has placed 80% of its troops near Ukraine into forward positions, meaning Putin could launch an invasion at any time, a U.S. defense official said Wednesday. Tensions have picked up in recent days: Putin recognized the independence of two pro-Russian separatist states in eastern Ukraine on Monday, and indicated he could send “peacekeeping” forces to those regions. Plus, violations of a ceasefire between Ukraine and the separatists have increased, which the U.S. has framed as a Russian-orchestrated gambit to provoke a war.
Contra
Russia denies any interest in invading Ukraine, but it has threatened “military-technical” measures if the United States doesn’t meet a series of demands that U.S. officials have cast as nonstarters, including a pledge to keep Ukraine out of the NATO alliance. And in a verbose Monday evening speech, Putin claimed Ukraine has “never had stable traditions of real statehood” and blamed the Ukrainian government for the tensions.
Source: https://www.forbes.com/sites/joewalsh/2022/02/23/another-round-of-malware-attacks-hits-ukraine-as-russia-crisis-intensifies/