Microsoft said it has observed “destructive malware” in systems belonging to several Ukrainian government agencies and organisations that work with the authorities.
“The malware is disguised as ransomware but, if activated by the attacker, would render the infected computer system inoperable,” the company said in a statement. “We’re sharing this information to help others in the cybersecurity community look out for and defend against these attacks.”
Microsoft hasn’t identified any groups behind the attacks and is continuing its analysis. The malware was first detected on 13 January, the company said.
“We have already built and deployed protections for this malware into Microsoft 365 Defender Endpoint Detection and Anti-virus protections wherever these products are deployed, both on-premises and in the cloud,” it said. “We see no indication so far that these attacks utilize any vulnerability in Microsoft products and services.” — Eduard Gismatullin, (c) 2022 Bloomberg LP