In the buildup to Russia’s invasion, hackers detonated powerful data-destroying software on the network of Ukraine’s Ministry of Internal Affairs, and they siphoned off large amounts of data from the country’s telecommunications network, according to three people involved in investigations into the incidents.
The attacks dealt a blow to a key Ukrainian law enforcement agency – responsible for overseeing the national police – while giving the hackers potentially valuable insights into the communications and movements of people inside the country before Russian troops began their assault, the people said. They requested anonymity because they weren’t authorised to discuss the confidential investigations publicly.
The details, which haven’t been previously reported, illustrate the growing role of cyber operations in modern military conflicts and the range of threats facing Ukrainian President Volodymyr Zelenskiy as Russian forces fight to seize control of the country. The people involved in the investigations didn’t say who was behind the cyberattacks.
Representatives of the Ukrainian government didn’t respond to requests for comment.
On Feb 23, the day before the invasion, multiple governmental websites in Ukraine experienced disruptions that appeared to be the result of distributed denial-of-service, or DDoS, attacks. Security researchers said they included the Ministry of Defense, Ministry of Foreign Affairs and the Ministry of Internal Affairs.
Researchers at the cybersecurity firm Eset LLC had said that more than three Ukrainian organisations were compromised Wednesday with destructive malware that infected a few hundred computers at those organisations.
“This was not a widespread attack. They pinpointed specific organisations and then went in and deployed the malware,” said Jean-Ian Boutin, ESET’s head of threat research, who declined to name the specific organisations affected. “The fact that this happened a few hours before the full-scale invasion, it leads us to believe these organisations were targeted for a reason.”
The three people involved in the investigations identified the Ministry of Internal Affairs as one of the organisations compromised by the data-destroying malware. The extent of the damage is unclear. One of the people said key officials had evacuated, and as a result, security specialists have been unable to conduct a full forensics investigation of its network.
Another person said the hackers removed large amounts of data from the agency’s network before detonating the malware, indicating that they were likely gathering intelligence about the agency’s operations before attempting to disrupt them.
The three people also said that the deployment of the destructive malware coincided with yet another attack, in which hackers began removing large amounts of data from Ukrainian telecommunications systems in the weeks leading up to the invasion, apparently activating malicious code – or implants – that had been embedded into those systems during earlier intrusions.
The names of the telecommunications company or companies affected by the attack weren’t immediately available.
Some details of the cyberattacks against Ukraine have trickled out since January.
On Jan 15, for instance, Microsoft Corp disclosed that it had discovered a new type of destructive malware on “dozens of impacted systems” spanning “multiple government, nonprofit and information technology organisations, all based in Ukraine”. It didn’t identify any victims.
Coming at a time when Russia was massing troops on Ukraine’s borders, and US and European intelligence services were warning that Putin was preparing an invasion, the discovery raised fears that Ukraine’s defences could be substantially diminished by a coordinated detonation of data-wiping code.
On Feb 15 and 16, government and financial websites in Ukraine came under a disruptive DDoS attack that Mykhailo Fedorov, minister of digital transformation, said was the worst of its kind the country had ever seen. “This attack was unprecedented, it was prepared well in advance, and its key goal was destabilisation, sowing panic and creating chaos in our country,” Fedorov said.
US and UK officials attributed those attacks to Russia’s GRU military intelligence service, the same organisation accused of the 2017 NotPetya attacks, which involved similar “wiper” malware. Those attacks began in Ukraine but spread across the globe, causing an estimated US$10bil (RM41.98bil) in damages.
Russia has repeatedly denied being behind cyberattacks. – Bloomberg