Microsoft security specialists have discovered malware on dozens of Ukrainian government computers that could prove more destructive than originally thought, the US company said late on Saturday.
A Microsoft blog post said that the malware was first detected on Thursday, coinciding with an attack that took down some 70 government websites.
The malware was disguised as ransomware, but its true purpose may be to destroy data at the hackers’ command, Microsoft said.
Ukraine also announced on Sunday that it had “evidence” that Russia was behind Thursday’s attack. Some analysts have suggested the hack is a prelude to a Russian invasion.
“All evidence indicates that Russia is behind the cyberattack. Moscow continues to wage a hybrid war and is actively building up its forces in the information and cyberspaces,” Ukraine’s Ministry of Digital Development said Sunday.
“The malware, which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom,” Microsoft said in a blog post.
The tech giant was unable to say who was behind the attack, but warned that the number of affected devices could be higher than originally thought.
“Our investigation teams have identified the malware on dozens of impacted systems and that number could grow as our investigation continues,” it said.
Ukrainian security official Serhiy Demedyuk was quoted by Reuters as saying that the malware used by the attackers was similar to that used by Russian intelligence.
Moscow has repeatedly rejected any connection to the cyberattack.
Russia’s history of aggression toward Ukraine
Previous cyberattacks against Ukraine’s infrastructure have been tied by Kyiv and western cybersecurity experts to Russian hackers.
In 2017, Russia targeted Ukraine with the NotPetya virus, which also disguised itself as ransomware but ended up wiping data from entire networks. It was one of the most damaging cyberattacks on record, with associated damages reaching over $10 billion (€8.76 billion).
Russian hackers also came close to ruining Ukraine’s general election in 2014 and crippled parts of the power grid during the cold winters of 2015 and 2016.
The US warned on Friday that Russia was planning a false flag attack in Ukraine potentially to justify an invasion. Some 100,000 Russian soldiers have been amassed on the Ukrainian border.
Russian-backed separatists in eastern Ukraine have been fighting the Kyiv government since 2014, the same year Russian soldiers annexed Ukraine’s southern Crimean Peninsula.