Ukraine has said it has “evidence” Russia was behind a massive cyber-attack that knocked out key government websites last week, while Microsoft warned the hack could be far worse than first thought.
Tensions are at an all-time high between Ukraine and Russia, which Kyiv accuses of having massed troops on its border before a possible invasion. Some analysts fear the cyber-attack could be the prelude to a military attack.
On Friday, Washington also accused Russia of sending saboteurs trained in explosives to stage a “false flag” operation that could be the pretext to invading its pro-western neighbour.
“All the evidence points to Russia being behind the cyber-attack,” the Ukrainian digital transformation ministry said in a statement on Sunday. “Moscow is continuing to wage a hybrid war.”
The ministry urged Ukrainians not to panic, saying their personal information was protected. The purpose of the attack, it added, “is not only to intimidate society but to also destabilise the situation in Ukraine, halting the work of the public sector and crushing Ukrainians’ trust in the authorities”.
The Kremlin rejected the claims and said there was no evidence Russia was behind the attack.
“We have nothing to do with it. Russia has nothing to do with these cyber-attacks,” Vladimir Putin’s spokesperson, Dmitry Peskov, told CNN. “Ukrainians are blaming everything on Russia, even their bad weather in their country,” he said in English.
Kyiv said late on Friday that it had uncovered preliminary clues Russian security services could have been behind the cyber-attack.
The SBU security service said the attacks in the early hours of Friday had targeted a total of 70 government websites.
Microsoft warned on Sunday that the cyber-attack could prove destructive and affect more organisations than initially feared. The company said it continued to analyse the malware and warned it could render government digital infrastructure inoperable.
“The malware, which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom,” Microsoft said in a blogpost.
It said it had not yet identified a culprit behind the attacks but warned that the number of affected organisations could prove larger than initially thought.
“Our investigation teams have identified the malware on dozens of impacted systems and that number could grow as our investigation continues,” Microsoft said.
“These systems span multiple government, non-profit, and information technology organisations, all based in Ukraine. We do not know the current stage of this attacker’s operational cycle or how many other victim organisations may exist in Ukraine or other geographic locations.”
