Microsoft uncovers malware campaign targeting organizations in Ukraine
Microsoft Corp. has uncovered a hacking campaign that targets organizations in Ukraine with destructive malware designed to render their computers unusable.
The company detailed the hacking campaign in a Saturday blog post. The disclosure follows a cyberattack last week that took about 70 Ukrainian government websites temporarily offline. According to the Financial Times, Ukraine’s digital transformation ministry said that “all evidence points to Russia being behind the attack” on the government websites.
The malware used as part of the hacking campaign uncovered by Microsoft first appeared on computers in Ukraine on Jan. 13, the company stated. Microsoft said it has detected the malware on dozens of systems across multiple government, nonprofit and information technology organizations.
“We do not know the current stage of this attacker’s operational cycle or how many other victim organizations may exist in Ukraine or other geographic locations,” Microsoft detailed in the blog post. “However, it is unlikely these impacted systems represent the full scope of impact as other organizations are reporting.”
The malware used in the hacking campaign, Microsoft detailed, is designed to appear as ransomware. But instead of encrypting files as ransomware cyberattacks usually do, the malware discovered by Microsoft makes data on the devices that it targets unusable.
Microsoft determined that the malware carries out cyberattacks in two stages.
During the first stage, the malware overwrites a section of the infected computer’s hard drive that is known as the Master Boot Record, or MBR. The section contains the information a computer needs to load the operating system when it starts. The malware overwrites the MBR so that the compromised machine displays a ransom note when it boots.
According to Microsoft, the malware activates the second stage of the cyberattack when the infected computer is powered down. In the second stage, a malicious payload is downloaded that scans the computer for files with certain file extensions. Then the malicious payload overwrites the contents of the files that it finds and renames them.
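A defender can check a captured copy of sector 0 for the first-stage symptom described above. The following is an added example, not code from Microsoft or from the article: it applies the standard MBR layout (446 bytes of boot code, four 16-byte partition entries, a 0x55AA signature) and flags long readable text where boot code should be. The 48-byte threshold, the function names and all three sample images are assumptions constructed for illustration.

```python
import struct

BOOT_CODE_END = 446      # bytes 0-445 hold bootstrap code
SIG = b"\x55\xaa"        # boot signature at bytes 510-511
MIN_TEXT_RUN = 48        # assumed threshold; stock loader error strings are shorter

def text_runs(data, min_len=MIN_TEXT_RUN):
    """Return runs of printable ASCII that are at least min_len bytes long."""
    runs, cur = [], bytearray()
    for b in data + b"\x00":               # trailing sentinel flushes the last run
        if 0x20 <= b <= 0x7E:
            cur.append(b)
            continue
        if len(cur) >= min_len:
            runs.append(cur.decode("ascii"))
        cur.clear()
    return runs

def inspect_mbr(sector):
    """Return a list of findings for one 512-byte image of sector 0."""
    if len(sector) != 512:
        raise ValueError("expected exactly 512 bytes")
    findings = []
    if sector[510:512] != SIG:
        findings.append("boot signature 0x55AA missing")
    used = 0
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype == 0:                     # type 0x00 marks an unused slot
            continue
        used += 1
        if status not in (0x00, 0x80) or lba == 0 or count == 0:
            findings.append(f"partition entry {i} malformed")
    if used == 0:
        findings.append("partition table empty")
    for run in text_runs(sector[:BOOT_CODE_END]):
        findings.append(f"{len(run)}-byte text run in boot code area")
    return findings

def build_sector(boot_code):
    """Constructed image: given boot code, one active NTFS-type entry, valid signature."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return boot_code.ljust(BOOT_CODE_END, b"\x00") + entry + b"\x00" * 48 + SIG

CLEAN = build_sector(b"\xfa\x33\xc0\x8e\xd0" + b"Missing operating system\x00")
NOTE = build_sector(b"\xeb\x00" + b"CONSTRUCTED PLACEHOLDER: text shown at boot instead of the OS loader")
WIPED = NOTE[:BOOT_CODE_END] + b"\x00" * 64 + SIG   # same text, partition table zeroed

if __name__ == "__main__":
    print({n: inspect_mbr(s) for n, s in [("clean", CLEAN), ("note", NOTE), ("wiped", WIPED)]})
```

The text-run check is a heuristic for triage, so a finding should be confirmed against a known-good copy of the loader for that system.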
Microsoft has released updates for its Microsoft Defender Antivirus and Microsoft Defender for Endpoint cybersecurity products to facilitate detection of the malware. The tools can detect the malware in both on-premises and cloud environments, the company said.
“We are continuing the investigation and will share significant updates with affected customers, as well as public and private sector partners, as [we] get more information,” Microsoft’s cybersecurity researchers wrote.