UPDATED 14:58 EST / JANUARY 17 2022

SECURITY

Microsoft uncovers malware campaign targeting organizations in Ukraine

Microsoft Corp. has uncovered a hacking campaign that targets organizations in Ukraine with destructive malware designed to render their computers unusable. 

The company detailed the hacking campaign in a Saturday blog post. Previously, a cyberattack last week took about 70 Ukrainian government websites temporarily offline. According to the Financial Times, Ukraine’s digital transformation ministry said that “all evidence points to Russia being behind the attack” that targeted the government websites.

The malware used as part of the hacking campaign uncovered by Microsoft first appeared on computers in Ukraine on Jan. 13, the company stated. Microsoft said it has detected the malware on dozens of systems across multiple government, nonprofit and information technology organizations.

“We do not know the current stage of this attacker’s operational cycle or how many other victim organizations may exist in Ukraine or other geographic locations,” Microsoft detailed in the blog post. “However, it is unlikely these impacted systems represent the full scope of impact as other organizations are reporting.”

The malware used in the hacking campaign, Microsoft detailed, is designed to appear as ransomware. But instead of encrypting files as ransomware cyberattacks usually do, the malware discovered by Microsoft makes data on the devices that it targets unusable.

Microsoft determined that the malware carries out cyberattacks in two stages.

During the first stage, the malware overwrites a section of the infected computer’s hard drive that is known as the Master Boot Record, or MBR. The section contains information that the operating system needs to load when a computer starts. The malware overwrites the MBR so that a ransom note is displayed when the compromised machine boots.
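For defenders, an MBR that has been replaced can be spotted by inspecting the 512-byte sector itself. The following is an added example, not code from Microsoft or from the original article: it parses the standard MBR layout, compares the sector against a known-good hash, and flags boot code that is mostly readable text. The text-ratio threshold, the function names and both sample sectors are assumptions constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446   # bytes 0..445 hold boot code; four partition entries follow
ENTRY_LEN = 16        # each entry is 16 bytes; bytes 510..511 hold the 0x55AA signature

def inspect_mbr(sector, baseline_sha256=None):
    """Parse one 512-byte MBR sector and return integrity findings."""
    if len(sector) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    boot_code = sector[:BOOT_CODE_LEN]
    partitions = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * ENTRY_LEN
        entry = sector[off:off + ENTRY_LEN]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0 means the slot is unused
            partitions.append({"index": i, "bootable": entry[0] == 0x80,
                               "type": entry[4], "lba_start": lba_start, "sectors": count})
    # Real boot code is machine code; a sector rewritten to show a message is mostly text.
    printable = sum(1 for b in boot_code if 32 <= b <= 126 or b in (10, 13))
    digest = hashlib.sha256(sector).hexdigest()
    return {
        "sha256": digest,
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "partitions": partitions,
        "printable_ratio": printable / BOOT_CODE_LEN,
        "changed": baseline_sha256 is not None and digest != baseline_sha256,
    }

def is_suspicious(report, text_threshold=0.5):
    """Heuristic (assumed threshold): hash drift, bad signature, or text-heavy boot code."""
    return (report["changed"] or not report["signature_ok"]
            or report["printable_ratio"] >= text_threshold)

def _build(boot_code):
    # Constructed sample sector: one bootable NTFS-type (0x07) partition at LBA 2048.
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    return body + entry + b"\x00" * 48 + b"\x55\xaa"

CLEAN = _build(bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) * 40)  # constructed
TAMPERED = _build(b"CONSTRUCTED PLACEHOLDER NOTE TEXT. " * 13)                 # constructed

if __name__ == "__main__":
    base = inspect_mbr(CLEAN)
    for name, sector in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, is_suspicious(inspect_mbr(sector, base["sha256"])))
```

On a live system the sector would come from a forensic image or a raw read of the first 512 bytes of the disk, taken with administrative rights, rather than from the embedded samples.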

According to Microsoft, the malware activates the second stage of the cyberattack when the infected computer is powered down. In the second stage, a malicious payload is downloaded that scans the computer for files with certain file extensions. Then the malicious payload overwrites the contents of the files that it finds and renames them.

Microsoft has released updates for its Microsoft Defender Antivirus and Microsoft Defender for Endpoint cybersecurity products to facilitate detection of the malware. The tools can detect the malware in both on-premises and cloud environments, the company said.

“We are continuing the investigation and will share significant updates with affected customers, as well as public and private sector partners, as [we] get more information,” Microsoft’s cybersecurity researchers wrote. 
