Microsoft warns of cyberattack on Ukrainian computer networks
“If Russia is found to hit Ukraine with cyberattacks,” he said, “and if this continues over the coming period, we will work with our allies on the appropriate response.”
Understanding the escalation of tensions over Ukraine
Sullivan said the United States has worked with Ukraine to bolster its American systems and networks should the spate of ransomware and other attacks from Russia pick up pace in the United States.
For Russian President Vladimir V. Putin, Ukraine has often been a testing ground for cyber weapons.
An attack on Ukraine’s Central Election Commission during a presidential election in 2014, in which Russia unsuccessfully sought to alter the result, proved to be a model for Russian intelligence agencies; the United States later discovered that it had infiltrated the Democratic National Committee’s servers in the United States. In 2015, the first of two major attacks on Ukraine’s power grid knocked out lights for hours in different parts of the country, including in the capital Kyiv.
And in 2017, businesses and government agencies in Ukraine were hit with destructive software called NotPetya, which exploited flaws in a type of tax preparation software widely used in the country. The attack paralyzed entire sectors of the economy and also affected FedEx and the shipping company Maersk; US intelligence officials later traced him to Russian actors. This software, at least in its overall design, bears some resemblance to what Microsoft warned on Saturday.
The new attack would erase hard drives and destroy files. Some defense experts have said such an attack could be the prelude to a ground invasion by Russia. Others believe it could replace an invasion, if attackers believed a cyberattack would not result in the kind of financial and technological sanctions that Mr. Biden pledged to impose in response.
John Hultquist, one of Mandiant’s top cyber intelligence analysts, said Sunday that his company has told customers “to be prepared for destructive attacks, including attacks designed to look like ransomware.”
He noted that the Russian hacking unit known as Sandworm, which has since been closely linked to Russia’s military intelligence agency, the GRU, had spent the past few years developing “more sophisticated means of attacking critical infrastructure”, including in the Ukrainian electricity network.