Hackers destroyed data at key Ukraine agency before invasion


In the buildup to Russia’s invasion, hackers detonated powerful data-destroying software on the network of Ukraine’s Ministry of Internal Affairs, and they siphoned off large amounts of data from the country’s telecommunications network, according to three people involved in investigations into the incidents.

The attacks dealt a blow to a key Ukrainian law enforcement agency – responsible for overseeing the national police – while giving the hackers potentially valuable insights into the communications and movements of people inside the country before Russian troops began their assault, the people said. They requested anonymity because they weren’t authorised to discuss the confidential investigations publicly.

The details, which haven’t been previously reported, illustrate the growing role of cyber operations in modern military conflicts and the range of threats facing Ukrainian President Volodymyr Zelenskiy as Russian forces fight to seize control of the country. The people involved in the investigations didn’t say who was behind the cyberattacks.

Representatives of the Ukrainian government didn’t respond to requests for comment.

On Feb 23, the day before the invasion, multiple governmental websites in Ukraine experienced disruptions that appeared to be the result of distributed denial-of-service, or DDoS, attacks. Security researchers said they included the Ministry of Defense, Ministry of Foreign Affairs and the Ministry of Internal Affairs.

Researchers at the cybersecurity firm Eset LLC had said that more than three Ukrainian organisations were compromised Wednesday with destructive malware that infected a few hundred computers at those organisations.

“This was not a widespread attack. They pinpointed specific organisations and then went in and deployed the malware,” said Jean-Ian Boutin, ESET’s head of threat research, who declined to name the specific organisations affected. “The fact that this happened a few hours before the full-scale invasion, it leads us to believe these organisations were targeted for a reason.”

The three people involved in the investigations identified the Ministry of Internal Affairs as one of the organisations compromised by the data-destroying malware. The extent of the damage is unclear. One of the people said key officials had evacuated, and as a result, security specialists have been unable to conduct a full forensics investigation of its network.

Another person said the hackers removed large amounts of data from the agency’s network before detonating the malware, indicating that they were likely gathering intelligence about the agency’s operations before attempting to disrupt them.

The three people also said that the deployment of the destructive malware coincided with yet another attack, in which hackers began removing large amounts of data from Ukrainian telecommunications systems in the weeks leading up to the invasion, apparently activating malicious code – or implants – that had been embedded into those systems during earlier intrusions.

The name of the telecommunications company or companies impacted by the attack wasn’t immediately available.

Some details of the cyberattacks against Ukraine have trickled out since January.

On Jan 15, for instance, Microsoft Corp disclosed that it had discovered a new type of destructive malware on “dozens of impacted systems” spanning “multiple government, nonprofit and information technology organisations, all based in Ukraine”. It didn’t identify any victims.

Coming at a time when Russia was massing troops on Ukraine’s borders, and US and European intelligence services were warning that Putin was preparing an invasion, the discovery raised fears that Ukraine’s defences could be substantially diminished by a coordinated detonation of data-wiping code.

On Feb 15 and 16, government and financial websites in Ukraine came under a disruptive DDoS attack that Mykhailo Fedorov, minister of digital transformation, said was the worst of its kind the country had ever seen. “This attack was unprecedented, it was prepared well in advance, and its key goal was destabilisation, sowing panic and creating chaos in our country,” Fedorov said.

US and UK officials attributed those attacks to Russia’s GRU military intelligence service, the same organisation accused of the 2017 NotPetya attacks, which involved similar “wiper” malware. Those attacks began in Ukraine but spread across the globe, causing an estimated US$10bil (RM41.98bil) in damages.

Russia has repeatedly denied being behind cyberattacks. – Bloomberg
