
Microsoft Detects Lurking Malware On Ukrainian Computers (bdnews24.com)

"Microsoft warned on Saturday evening that it had detected a highly destructive form of malware in dozens of government and private computer networks in Ukraine," reports the New York Times, "that appeared to be waiting to be triggered by an unknown actor...."

The Times reports that the malware "bears some resemblance" to NotPetya, the widespread 2017 malware which "American intelligence officials later traced to Russian actors."

The discovery comes in the midst of what the Times earlier called "the security crisis Russia has ignited in Eastern Europe by surrounding Ukraine on three sides with 100,000 troops and then, by the White House's accounting, sending in saboteurs to create a pretext for invasion."

Long-time Slashdot reader 14erCleaner shares the Times' latest report: In a blog post, [Microsoft] said that on Thursday — around the same time government agencies in Ukraine found that their websites had been defaced — investigators who watch over Microsoft's global networks detected the code. "These systems span multiple government, nonprofit and information technology organizations, all based in Ukraine," Microsoft said.... The code appears to have been deployed around the time that Russian diplomats, after three days of meetings with the United States and NATO over the massing of Russian troops at the Ukrainian border, declared that the talks had essentially hit a dead end....

Microsoft said that it could not yet identify the group behind the intrusion, but that it did not appear to be an attacker that its investigators had seen before. The code, as described by the company's investigators, is meant to look like ransomware — it freezes up all computer functions and data, and demands a payment in return. But there is no infrastructure to accept money, leading investigators to conclude that the goal is to inflict maximum damage, not raise cash.

It is possible that the destructive software has not spread too widely and that Microsoft's disclosure will make it harder for the attack to metastasize. But it is also possible that the attackers will now launch the malware and try to destroy as many computers and networks as possible.... Warnings like the one from Microsoft can help abort an attack before it happens, if computer users look to root out the malware before it is activated. But it can also be risky. Exposure changes the calculus for the perpetrator, who, once discovered, may have nothing to lose in launching the attack, to see what destruction it wreaks.

So far there is no evidence that the destructive malware has been unleashed by the hackers who placed it in the Ukrainian systems....

The new attack would wipe hard drives clean and destroy files. Some defense experts have said such an attack could be a prelude to a ground invasion by Russia. Others think it could substitute for an invasion, if the attackers believed a cyberstrike would not prompt the kind of financial and technological sanctions that [U.S. President] Biden has vowed to impose in response.

Ukraine's Ministry of Digital Development issued a statement that "All evidence indicates that Russia is behind the cyberattack. Moscow continues to wage a hybrid war and is actively building up its forces in the information and cyberspaces." While the Associated Press reported the statement, the Times notes that the ministry provided no evidence, "and early attribution of attacks is frequently wrong or incomplete."

But the Times also cites U.S. national security adviser Jake Sullivan as saying "If it turns out that Russia is pummeling Ukraine with cyberattacks, and if that continues over the period ahead, we will work with our allies on the appropriate response."

  • by Rosco P. Coltrane ( 209368 ) on Sunday January 16, 2022 @04:03PM (#62178257)

    It's called Windows.

  • Not sure (Score:2, Funny)

    by nospam007 ( 722110 ) *

    But isn't malware always lurking in the background?

  • Assume that Russia is doing a massive cyber attack on Ukraine and then sends troops across the border... Should the US institute counter-cyber attacks as a core part of our (less than sending troops into battle) response? And then are we ready for Cyber WWIII?

    • by Gravis Zero ( 934156 ) on Sunday January 16, 2022 @04:39PM (#62178315)

      Should the US institute counter-cyber attacks as a core part of our (less than sending troops into battle) response?

      It really depends on the target. If we are going after a government then it's likely already part of procedure as a tactical option. However, it doesn't have much of a place in asymmetric warfare because it's much better as a tool for intelligence gathering.

      There is nothing "core" about electronic warfare, it's just another tactic.

  • by Gravis Zero ( 934156 ) on Sunday January 16, 2022 @04:32PM (#62178307)

    If Ukraine is wise about this, they will use this as an opportunity to plug many different vulnerabilities, thereby leaving their systems more secure than before.

    • by gtall ( 79522 )

      So they'll be moving off Winders then? Ah, if only they are wise enough.

    • If Ukraine is wise about this, they will use this as an opportunity to plug many different vulnerabilities, thereby leaving their systems more secure than before.

      Or plug a few thousand [yahoo.com] Russian soldiers [independent.co.uk] like they have been doing for years [glasnostgone.org].

      • Re: (Score:3, Interesting)

        by Anonymous Coward

        Russian forces are outclassed in several areas. If a serious push comes the Russian body count will be high.

        Ukraine is operating the absolute latest in Turkish UAV technology whereas Russia has Orlan-10; a toy by comparison. Ukraine has been supplied with Javelin missiles by the US. You don't want to be operating a tank anywhere near Javelins.

  • Level of damage (Score:5, Insightful)

    by BeerCat ( 685972 ) on Sunday January 16, 2022 @04:39PM (#62178319) Homepage

    "The new attack would wipe hard drives clean and destroy files."

    Many years ago (probably pre-2000), a book that attempted to catalogue the different types of malware then known had outline descriptions of the damage caused.

    Surprisingly, "wiping the hard drive" was classed as "minor" damage. The book explained this as it was a reasonable assumption that regular backups were made. Hence, the impact was simply the time taken to restore from the backup.

    (From memory, "major" damage was where data files were subtly corrupted (for example, random changing of digits, or changing an occurrence of "=" into ">"). This would mean that everything would carry on without being detected, including backups. Hence backups themselves would be perfectly usable, but the contents would have unknown changes going back an unspecified time. As a result, the backups could no longer be relied upon at all.)

  • Security really can't be an important aspect in the Security Policy Risk Analysis the Microsoft Sales rep wrote up for them.

  • It's nice to know Microsoft knows everything about your computer.

  • It sounds like Microsoft did a thorough analysis of the malware and know some infected computers. In principle they will have been able to pass that info along to the victims? And provided some kind of mitigation?

  • by NewtonsLaw ( 409638 ) on Sunday January 16, 2022 @06:27PM (#62178585)

    So now we know exactly why Russia arrested the REVIL ransomware hackers recently. I wonder what kind of deals are being done to recruit their skills against foreign nations in return for a more lenient (if any) prison term? :->
